In the event that your private key is exposed, the passphrase is the last (and often weak) defense of the privacy of encrypted content. As a result, you should use a strong passphrase here. Note that GPG does not assess the strength of a passphrase that you choose.