The high priority is making it safe to use, even if your computer gets infected by malware.
I don't see how that can be possible without the use of an "uninfectable" dedicated device to sign the transactions.
That quote refers to a multi-sig implementation where one of the two private keys is on a second device (like, say, a mobile phone). Compromise of funds would require finding and compromising two independent devices. It would raise the bar significantly.