Nice old post about the mnemonics bruteforcing complexity:
So if we take in consideration todays total hashrate of the whole bitcoin network (https://blockchain.info/charts/hashrate) and assume that the network can check mnemonic combinations with the same speed (which it cannot actually)  the “guessing speed” will be ~35K PH/s
or ~3e4 * 1e15
or ~3e19 H/s
. Which means that every second the whole network will guess ~30’000’000’000’000’000’000 combinations. That’s A LOT, isn’t it?
For a standard cardano wallet with 12 mnemonics there are (2048^12)/16
possible valid combinations, or ~3e38
combinations. If we divide the number of all combinations on the number of combinations guessed each second  we will get that the whole bitcoin network will need around 1e19
seconds, to try all possible combinations.
1e19
seconds is ~1.6e17
minutes, or 2.7e15
hours, or 1.15e14
days or 3.17e11
years. There we have it  the whole bitcoin network would need ~317’000’000’000 YEARS in order to try all possible standard 12word wallets.
Want to do the same for paperwallets? Paper wallets have 27 secret words, which gives (2048^27)/512
possible combinations with is ~5e86
. Dividing it by hashpower and rounding up gives us ~5.07e59
years, or somewhere around this number of years:
507 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
P.S. There was a lot of discussion about the security of 9 words that are not printed on the paperwallet but filled out manually. Well, (2048^9)/512
~ 1.2e27
which gives us ~1.3
years.
So even if some extra “el33t h4x0r”, or CIA, or aliens would decide to break into your printer just to steal your 18 secret words that are printed on the paper  they would additionally have to rent the WHOLE bitcoin network for more than a year to have a guaranteed chance to get your ADA
And don’t forget that it’s an IMAGINARY use of a LARGEST computerpower network on the planet, which, of course, impossible in reality. Idk, works for me. As I mentioned before  I am totally ok getting some paperwallets on a USB stick and going to a public printingservice to get them done on a colored printer and some nice paper. Zero concern about their clerks hacking me later
P.P.S Just some interesting stats, but anything under 9 words should already be considered totally insecure, for example:

3 word key gives
(2048^3)/2
or~4e9
combinations and would be completely iterated by the assumed network in under a second 
6 word key gives
(2048^6)/4
or~1.8e19
and would also be iterated by the imaginary network in under a second.