Even using desktop wallets is fine 99% of the time, if you take some basic security precautions.
I wouldn't say 99%.. but it definetely can be somehow safe.
But there are still exploits which simply arent fixed yet and are a perfect entry point for malware targeting crypto user.
There are things which you can't protect yourself from with a desktop wallet.
Additionally the 'basic security precautions' are probably not achievable/doable for 90%+ of the daily windows user.
Regarding hardware wallets: for me the jury's still out. I don't like being dependent on a hardware device in case something goes wrong with it.
Electrum is an open source program that I can run directly from source code without installation. That's very empowering.
You can enjoy the electrum GUI and still have the security of a hardware wallet.
When creating a wallet in electrum you have the choice to add a HW wallet (which will hold the private keys / do the TX signing).