OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing.
The Send-To address is changed by malware to another address before being sent to the hardware wallet for signing. The hardware signs the transaction.
You cannot get any security on a compromised computer! It is only a question of how sophisticated the malware is.
I was going to say something about using a hashed protocol; however, if malware is on the computer it doesn't matter. The idea here is golden, as it does not involve a computer. This is for receiving only, if I understand correctly.
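
The signing flow discussed in this thread, as an added example that is not from any of the posters or from a real wallet's protocol: the device's signature covers whatever bytes arrive over USB, so a valid signature does not show that the destination is the one the user typed. The JSON message format, the HMAC standing in for the device's transaction signature, and all names and addresses are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the device's private key; HMAC-SHA256 stands in
# for the transaction signature a real hardware wallet would produce.
DEVICE_KEY = b"constructed-demo-key"

def build_request(wallet, amount_btc, dest):
    """PC client: serialize what the user typed (the password is left out)."""
    fields = {"wallet": wallet, "amount_btc": amount_btc, "dest": dest}
    return json.dumps(fields, sort_keys=True).encode()

def rewrite_dest(request, new_dest):
    """Models the step from the thread: dest changed on the PC before USB."""
    fields = json.loads(request)
    fields["dest"] = new_dest
    return json.dumps(fields, sort_keys=True).encode()

def device_sign(request):
    """Device: signs exactly the bytes it receives, with no view of intent."""
    return hmac.new(DEVICE_KEY, request, hashlib.sha256).hexdigest()

def signature_valid(request, sig):
    return hmac.compare_digest(device_sign(request), sig)

def matches_intent(request, intended_dest, intended_amount):
    """Compare the signed fields with values the user holds away from the PC."""
    fields = json.loads(request)
    return (fields["dest"] == intended_dest
            and fields["amount_btc"] == intended_amount)

if __name__ == "__main__":
    typed = build_request("savings", "0.5", "ADDR-USER-INTENDED")
    on_wire = rewrite_dest(typed, "ADDR-SUBSTITUTED")
    sig = device_sign(on_wire)
    print("signature valid:", signature_valid(on_wire, sig))
    print("matches intent:", matches_intent(on_wire, "ADDR-USER-INTENDED", "0.5"))
```

The signature verifies on the rewritten request, and only the comparison against values held away from the PC flags the mismatch.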