So what ways of keeping bitcoins safe do you recommend then? Many people consider hardware wallets as something that is not possible to breach because they were told so.
Yes, and that was irresponsible marketing. Most security-minded people know better than to blindly trust software/hardware just because it hasn't been broken
yet. I believe exploits will continue to emerge when it comes to hardware wallets. Accordingly, users should tread with caution.
As for what I recommend -- traditional cold storage for most coins:
I still treat hardware wallets as experimental -- perhaps safer than a typical hot wallet setup, but nowhere near the safety of actual cold storage. Keeping all private keys on one or two devices that plug into online computers just feels way too risky to me. I use tried-and-true cold storage methods (paper wallets, encrypted offline .dat) for 80-90% of my coins. I know that compromising those keys from me would take an extremely targeted attack on me -- the likelihood of that is low. Whereas, I believe that hardware wallets are generally a very big target for hackers, and methods for remote exploits are now emerging.
The biggest takeaway from this report, I think, is don't put all your eggs in one basket.
The only alternative I can think of would be paper wallets but, these are not suitable for spending on a regular basis.
How about an air-gapped PC? Or an encrypted wallet on thumb drive? One of the points here is that nobody should be storing all (or most) of their coins in the same wallet they regularly spend from.
I still think hardware wallets are fine for day-to-day spending. But I would treat them like a hot wallet and be on the lookout for social engineering tactics.
It's worth noting that paper wallets have also been seen to have defects, and those have been corrected, and modern paper wallets are more secure than early ones were.