Hardware keys are the only real practical way to have keys offline, which is always safer. And not just for Bitcoin, but in general for BYOK: certificates, passkeys, etc. We should always prefer keys we own and generate, with services only adding or removing trust from public key hashes. Trusting the key hardware and software, so long as it is open source, is no different from trusting your bitcoin node, wallet, nostr client or relay. The real problem is that the privacy situation today sucks. Everything is a cloud service accessed through an proprietary OS by one of a handful companies. Difficult to protect your data from being stolen, keys and all.