Each wallet is as safe as your Global Password + Global PIN + its Wallet Password + its Wallet PIN and of course YOUR BACKUP.
If something is easily guessed or very short, it is not considered safe.
The encryption of backup data on the Paper QR backup, MicroSD and even the BC Vault itself is exactly as strong as you make it.
You have to keep in mind, that for someone to gain access to your crypto wallets, stored on the BC Vault, they need EVERYTHING:
- The BC Vault backup (either from microSD card or paper QR codes)
- Your Global password and Global PIN
- Your Wallet password and Wallet PIN (for each wallet)
This is why exposing one element of the above will not compromise anything. It is completely impossible to gain access to your wallets with all the passwords and pins, but WITHOUT THE BACKUP and vice versa.
BEST PRACTICE: Store the backup on the microSD cards (yes, you can create many) that are never inserted into any device but the BC Vault itself. This would mean, that potential remote attacker can never gain access to the backup file itself.
REMOTE ATTACKER VECTOR: Creating a paper QR backup on fully hacked/compromised computer could result in remote attacker getting their hands on the backup (grabbing the screen, PDF file, image....) and the password (sniffing your key presses). In such case your only remaining protection would be the length of the PIN, since that is entered on the device itself and not visible to the attacker and if you would use short PIN attacker might try to brute force it (try all possible combinations). Also note, that no backup can be created without you confirming the action on the BC Vault device itself! Thus attacker can't create the backup by him
As you can see it takes much more to compromise BC Vault device as opposed to wallets using BIP39 seed words (attacker only needs your 24 words), but it always comes down to you!
TAKE CARE NOT TO EXPOSE ANY MENTIONED SECURITY ELEMENTS to make life of potential attackers much more difficult.