There's no reason to trust the developer of a hardware wallet any more than there is to trust the developers of software wallets. The difference is that however well-meaning the developers are, a software wallet is inherently insecure. A hardware wallet, running on an entirely 'known' system, should be considerably more secure. If the developers are dishonest then all bets are off - even if the source code checks out.
You can also keep the private key offline on a computer with the ethernet, wifi and bluetooth adapters physically removed, use it to sign transactions offline, then copy them manually to a 'live' computer. The problem is, when you make things complicated like this, your risk of losing money due to a screw-up can be larger than your risk of being hacked.
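The offline-signing split described above, as an added Go example that is not from the original post: the private key exists only in the offline-side functions, while the 'live' side holds just the public key and verifies the returned signature against the transaction it meant to send before broadcasting anything. The UnsignedTx layout, its digest and the address value are constructed stand-ins, not a real chain's transaction format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// UnsignedTx is a constructed stand-in for a real chain's tx format, written to removable media for the signer.
type UnsignedTx struct {
	To     string
	Amount uint64
	Nonce  uint64
}

// digest is the value actually signed; both machines must derive it identically.
func (t UnsignedTx) digest() []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%s|%d|%d", t.To, t.Amount, t.Nonce)))
	return h[:]
}

// NewSignerKey runs once on the offline machine; only the public half is ever copied out.
func NewSignerKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// OfflineSign runs on the air-gapped machine and returns the DER signature to carry back.
func OfflineSign(priv *ecdsa.PrivateKey, tx UnsignedTx) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, tx.digest())
}

// OnlineVerify runs on the live machine with only the public key, before anything is broadcast.
// Checking against the transaction it originally built catches the screw-up cases: a signature
// carried back for the wrong transaction, or a payload edited while it sat on the USB stick.
func OnlineVerify(pub *ecdsa.PublicKey, intended UnsignedTx, sig []byte) error {
	if !ecdsa.VerifyASN1(pub, intended.digest(), sig) {
		return errors.New("signature does not verify for the intended transaction; do not broadcast")
	}
	return nil
}

func main() {
	priv, _ := NewSignerKey()
	tx := UnsignedTx{To: "addr-example", Amount: 50000, Nonce: 7}
	sig, _ := OfflineSign(priv, tx)
	fmt.Println("verify:", OnlineVerify(&priv.PublicKey, tx, sig))
}
```

This check does nothing if the live machine builds the wrong transaction in the first place; the offline machine showing the decoded payload for a human to confirm before signing is the defence for that case.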