by jbermudes 336 days ago
I think you did enough due diligence by putting the random part first, but I suppose one way to stop someone from putting in a real BIP39 mnemonic would be to use a completely different set of words than those allowed in BIP39.
2 comments

Make the text fields non-editable or drop them entirely? The writing and clickable demos provide a very good lesson without using any text input.
I think the disclaimer is the best an honest site owner could do in this case.

If the site were malicious, there wouldn't be any disclaimer, and once you insert a passphrase, BIP39 or not, in a text field, it's game over. No need to even press Submit; some JavaScript will send it wherever it has to.