In my opinion, you have to be a complete idiot to trust your money to any electronic device, provided by any 3rd party, for any reason whatsoever right now.
Paper wallets all the way.
So you spend your paper wallet by computing ECDSA signatures in your head ;-).
Everything around TREZOR is opensource and auditable. Private key never leaves the device. All random numbers are generated from mixed entropy from HRNG and computer's randomness. Builds are deterministic. Firmware update need to be confirmed by user and firmware fingerprint is validated by bootloader. There's no WIFI/bluetooth on board (you can buy two trezors and open one of them to check yourself).
We've put ~two years of designing and developing this stuff with top security in our mind. I really don't think that people will find some vulnerability after few minutes of thinking, which we did not considered already :-).