You get something like 17 bits of password strength per word, depending on the size of your dictionary. (The relevant xkcd estimates more like 11 -- which makes sense because /usr/share/dict/words has a lot of obscure words, shitty words, and alternate forms of words, that you would probably exclude when generating a password.)
So if you want a passphrase that's secure against brute force, you'd want more like 7-12 words.
So if you want a passphrase that's secure against brute force, you'd want more like 7-12 words.