The real danger comes from an advanced malware (2) and a 'bad' user habit (e.g. using same USB to transfer TX's back and forth).
You can never negate every attack vector. The goal should be to make the possibility of getting the private keys compromised as low as possible while still keeping the usability in mind.
You could set up a webcam for the offline pc and use that to load the tx rather than using a USB flash drive. A much more secure method this is, as you know for a fact that only the tx is being transferred.
Thats literally what i have mentioned 2 lines above the one you have quoted:
it also can be warded off by simply never use a storage device which has been plugged in into the airgapped pc (e.g. do transfer unsigned TX with a CD which you afterwards destroy, and transfer the signed TX to an online PC via QR codes).
The only difference is that i have mentioned a CD which will be destroyed, but thats related to the whole (second) point of my post.
It is still worth to note that this also does NOT mean 100% security.
An attacker could foist you a malicious version of a QR code reader, which will modify the transactions on transmission.
This, of course, is a very unrealistic attack vector. But the possibility does still exist. Especially if people have access to your offline machine (assuming the machine is accessable and the private keys are encrypted).