Are people that bad educated?

I mean, sending sats to an exchange or "service" for yield, I guess some might still fall for it, but it has nothing to do with recovery phrase ("seed") that's getting compromised.

Proper management of the recovery can be tricky at first and some might make mistakes but depending on their threat model and amount involved, that's might still be good enough. When the threat model change and amount get more significant, people can take new measure to improve their strategy.

I would say that most people have a recovery that have been compromised, it means (for me) that someone else got access to it ans make a copy, waiting for the value to be high enough to stell the sats. Or that a copy would theoritically be accessible by a hacker, virus or malware hidden in another software, which should not be the case for a wallet generated offline (on a temporary OS or hardware wallet).

Passphrase, multiple wallet, multisign, miniscript wallets, can all be options to improve and mitigate various risks, with each their pro and cons.

How can we improve users knowleadge to help them figure out what is best for their situation?