Bitcoiners are just like everybody else: They use rubbish passwords

Old Handle

"Not secure and no one should use them"

That strikes me as an awfully strong claim. It may well be that many people use them insecurely, or even that using them securely is impractical. But it certainly isn't impossible.

I've probably mentioned before that I'm a fan of Diceware for strong passphrases. You have a list of 7776 words and pick one by rolling 5 normal dice. It's completely random, and also nicely easy to quantify exactly how many possibilities there are. Each word is worth a little under 13 bits of "random". So to get 256 bits (the length of the private key), you'd need 20 words. Obviously memorizing 20 random words is not an easy task, but it's doable.

Or another option, English text is said to contain 1 to 1.2 bits of information per letter. So if you can memorize a 256-letter non-random (but unpublished) paragraph that should do the job as well.

And either of those methods is probably more secure than necessary. A bitcoin address is only 160 bits, significantly shorter than the 256-bit private key, so I would guess that's a reasonable length to shoot for and still get very good security.
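The Diceware arithmetic from the comment above, as an added example that is not part of the original post: it maps five dice rolls to one of 7776 list rows and works out how many words reach a target bit strength. The function names and the placeholder word list are assumptions made for illustration; a real Diceware list would be substituted for the placeholder.

```python
import math
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD          # 7776 rows, one per five-dice outcome
BITS_PER_WORD = math.log2(LIST_SIZE)    # a little under 13 bits per word


def words_needed(target_bits):
    """Smallest word count whose total entropy is at least target_bits."""
    return math.ceil(target_bits / BITS_PER_WORD)


def roll_key():
    """Simulate five fair dice with the OS CSPRNG; returns a key like '41536'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def key_to_index(key):
    """Map a five-digit dice key to a 0-based row in a list ordered by key."""
    if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError(f"not a dice key: {key!r}")
    index = 0
    for c in key:                       # read the key as a base-6 number
        index = index * 6 + (int(c) - 1)
    return index


def passphrase(target_bits, wordlist):
    """Draw enough uniformly random words to reach target_bits of entropy."""
    # Duplicates or a short list would silently reduce the bits per word.
    if len(wordlist) != LIST_SIZE or len(set(wordlist)) != LIST_SIZE:
        raise ValueError("word list must hold 7776 distinct words")
    count = words_needed(target_bits)
    return " ".join(wordlist[key_to_index(roll_key())] for _ in range(count))


# Constructed placeholder list so the example runs offline (not a real list).
PLACEHOLDER_LIST = [f"w{i:04d}" for i in range(LIST_SIZE)]

if __name__ == "__main__":
    for bits in (160, 256):
        n = words_needed(bits)
        print(f"{bits} bits -> {n} words ({n * BITS_PER_WORD:.1f} bits)")
        print(passphrase(bits, PLACEHOLDER_LIST))
```

The per-word figure only holds when every word is drawn uniformly and independently; choosing or re-rolling words by taste lowers it.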

