Two keys are on servers as I see it. The key from your mobile is stores on your cloud service. So if you’re using a iPhone that would be iCloud. What else happened with this key is unknown (to non technical users at least). 

Ultimately it’s personal risk assessment and a decision one has to make but I would definitely prefer a multisig without HW over the bitkey as it is right now.