Any kind of Bitcoin wallet needs to share the private key on an internet-connected machine.
The Bitcoin client has no responsibility to keep the private key secure. If your machine is connected to the internet, your keys can be hijacked, because your machine can be hacked before you import the keys.
The question is, how to trust any of the existing crypto-wallets to store private keys?
P.S. My answer is "no trust" to all of them.
Short answer: Your answer is correct.
Long answer: The issue of "trust" is pretty complicated. If we look at any problem from a security officer's point of view, it is easier to mark everyone as untrustworthy and simply deny everything (because everything is a possible threat to some extent). In a perfectly safe condition nothing really works. However, to maintain reasonable productivity you need some form of risk tolerance. The whole human infrastructure is piled upon this concept, and every time you take a plane or drive your car you accept the potential risks of those activities. To be successful in assessing your risks you need to carefully consider:
What are you trying to achieve?
What paths can you take in achieving it?
What risks does each path bear?
What is the cost of taking each path?
What will happen if your worst risk actually happens?
Applying all of the above, there are 2 usual scenarios that come to mind:
1. You are a small bitcoin holder who is involved in day trading on some exchanges. This way it will be convenient to simply keep your assets on your favorite platforms and store profits in either a cold wallet or in fiat.
2. You have a lot of BTC that you don't often use. In this case you probably want to store everything in a cold wallet.
In real life it is usually a mixture of the two cases above, where you want to assess and decide how much of your assets to store online and how much to store in cold storage. But ultimately, unless you are the only one who has access to the private key, you are NOT in control of the coins.