But, can we really trust those behind the development? Can we trust that the government haven't got their hands in things?
You don't understand the importance of open source code. Most major companies' code is closed source, so your average user can't just take a look and see whether the code that they produced is safe.
The hardware wallets require you to consent to an update, so if an update contains malicious code, it's almost certain that several reputable users will have reviewed the code and publicised the problem.
Therefore, the reputation of the developers (while it is actually very good for TREZOR by the way - they own Slush Pool for example) is pretty much irrelevant in this case.
The more valuable Bitcoin becomes, the harder it is to blindly trust any method of coin storage.
That's why we have offline storage.