Trezor is also open source. All Trezor does is keep your private keys offline and sign transactions. Both Electrum and Multibit HD are lite wallets. Electrum has the option of cold storage using two computers like Armory, or you can use Trezor or Ledger with Electrum to sign.
Indeed. But how do I know for sure that nobody modified the firmware on the trezor? For example, something like this:
privkey = SHA256(privkey & 0x000FFFFFFFFF); // Leave only 36 bits of entropy
That will be exceedingly difficult to detect, but the culprit could harvest all Trezor wallets a year later.
Yes, I know, the same could be done in the precompiled binary of a wallet. At least in Armory, I could generate the keys by shuffling a deck of cards.
But I am probably being unduly paranoid.
Read the FAQ or user manual:
Official TREZOR firmware is signed by the SatoshiLabs master key. Installing unofficial firmware on the TREZOR is possible, but doing so will wipe the device storage and TREZOR will show a warning every time it starts. Reprogramming the bootloader is impossible, because all TREZORs ship with their secure programming fuse blown.
If you have a specific question not answered in the manual slush is usually pretty quick to respond to posts on the Trezor subreddit.
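The boot-time check described in the FAQ quote above (vendor-signed firmware boots normally; anything else only boots after a storage wipe and with a warning on every start) can be modelled in a few lines. The following is an added illustration written for this thread, not SatoshiLabs' bootloader code: it assumes an Ed25519 master key and a constructed firmware image, whereas the real TREZOR signature scheme, key sizes and image format are not described here. The SHA-256 fingerprint it returns is an assumed convenience for comparing an image against a hash the vendor might publish, not something the quoted FAQ text mentions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// BootResult is the outcome of the (modelled) bootloader check.
type BootResult struct {
	Official    bool   // signature verified against the vendor master key
	WipeStorage bool   // unofficial image: device storage is wiped before boot
	Warning     bool   // unofficial image: warning shown on every start
	Fingerprint string // SHA-256 of the image, for comparison with a published hash (assumed)
}

// SignFirmware is the vendor-side step: sign the whole image with the master private key.
func SignFirmware(vendorPriv ed25519.PrivateKey, image []byte) []byte {
	return ed25519.Sign(vendorPriv, image)
}

// VerifyFirmware models the bootloader. vendorPub stands for the master public key
// held in the bootloader, which the FAQ says cannot be reprogrammed once the fuse is blown.
// A good signature means official firmware; anything else (bad signature, wrong length,
// a single flipped byte, or a signature from some other key) takes the wipe-and-warn path.
func VerifyFirmware(vendorPub ed25519.PublicKey, image, sig []byte) BootResult {
	sum := sha256.Sum256(image)
	res := BootResult{Fingerprint: hex.EncodeToString(sum[:])}
	if len(sig) == ed25519.SignatureSize && ed25519.Verify(vendorPub, image, sig) {
		res.Official = true
		return res
	}
	res.WipeStorage = true
	res.Warning = true
	return res
}

func main() {
	// Constructed vendor key pair and firmware image for the demonstration only.
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	image := []byte("constructed firmware image v1")
	sig := SignFirmware(vendorPriv, image)

	fmt.Printf("official image:  %+v\n", VerifyFirmware(vendorPub, image, sig))

	// One modified byte anywhere in the image invalidates the vendor signature.
	tampered := append([]byte{}, image...)
	tampered[0] ^= 0x01
	fmt.Printf("tampered image:  %+v\n", VerifyFirmware(vendorPub, tampered, sig))

	// An image signed by anyone other than the vendor is treated as unofficial.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Printf("third-party key: %+v\n", VerifyFirmware(vendorPub, image, SignFirmware(otherPriv, image)))
}
```

The point for the poster's worry: this check only proves the image is the one the vendor signed, so an entropy-reducing change inserted by the vendor themselves would still pass. Catching that requires comparing the signed image against a build made from the published source, which is what open-source firmware makes possible.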