Coldcard actually uses two different third-party, known elements, and overall there is more risk plugging your signing device into a computer than using psbt / chip transfer/ QR codes.
Personally, I don’t want my signing device to touch the computer. Some people might be more likely to lose their seeds, so a device like Jade or BitKey might be ideal.
Ultimately I think all the devices we have talked about are very secure, and it is just a matter of preference. 

“The COLDCARD Mk4, unlike its predecessors and other products like it on the market, has two Secure Elements (SE) : Microchip’s ATECC608B (which we will refer to as SE1) and Maxim’s DS28C36B (referred to as SE2)”

https://blog.coinkite.com/understanding-mk4-security-model/