You can also keep the private key offline on a computer with the ethernet and wifi and bluetooth adapters physically removed, then use it to sign transactions offline. Then copy them manually to a 'live' computer. The problem is, when you make things complicated like this, your risk of losing money due to a screw-up can be larger than your risk of being hacked.
Physically removing network interfaces is a good step to ensure the device is really
airgapped.
But i disagree with a higher risk due to screw-ups. If the seed/private keys are backed up properly i don't see a higher chance in losing funds compared to a
desktop wallet running on an everyday-pc.
While i agree that there indeed is a risk in screwing up i think that with proper back ups (which everyone should have, regardless of storing type) this risk can be compensated.