6

The default format in which SSH private keys are stored is notably fairly insecure against bruteforce attacks. This question provides a very nice solution to the problem by encrypting SSH private keys in the PKCS#8 format with 1m rounds of PBKDF2 to make computing passwords really expensive, computationally speaking.

How are PGP/GPG private keys stored? Are they computationally cheap to brute-force or do they fare a bit better than the default format used by OpenSSH? If they're cheap to brute-force, are there ways of improving the security on them?

Naftuli Kay

1 Answer

9

The OpenPGP standard includes a format for encoding private keys as sequences of bytes, and for symmetrically encrypting sequences of bytes with a password-derived key. While any PGP implementation is free to store private keys in any way that it sees fit, most (if not all) will use the OpenPGP formats.

The critical point in password-based encryption is how the password is derived into a key. This is all the password hashing theory: the derivation process shall be made slow (e.g. with a configurable number of iterations) and should use a variation parameter called a salt. OpenPGP includes a "decent" password-based key derivation, called Iterated and Salted S2K. If you take care to specify a high enough count (that is, as high as is tolerable on your machine), then you can get good security. With the GnuPG implementation of OpenPGP, the iteration count is specified with the --s2k-count command-line option.

Of course, the primary defence against brute force on a password is to choose a strong password, that is a password with a lot of randomness in it. Iterations and salts are just methods to cope with the not-so-strong passwords that erupt within the tangled mess of human neurons.

Thomas Pornin