I'm confused as to why the PIN code is entered into the wallet application, rather than the device itself
This is covered in our FAQ:
http://www.bitcointrezor.com/faq/#safe-enter-pin-computer-not-trezor

Surely that increases the risk of a successful physical theft. Assuming the PIN code is not changed on a regular basis, using the device on an infected workstation would essentially render the PIN code useless if attacked through a combination of both digital and physical means.
Trezor uses two-factor authentication - something you have (Trezor) and something you know (PIN). If an attacker has physical access to your Trezor and he also controls your computer, you're screwed. But with physical access to the device, having a physical keyboard doesn't improve the situation too much.