The nano s AND trezor BOTH had security vulnerabilities in the past.
But all of them required physical access to the device.

Calling one of them not safe, is the wrong way. Vulnerabilities do ALWAYS exist. In each kind of software.
It is just a question on whether / when they are found and how fast / efficient they are going to be fixed.

Yet, no vulnerability has lead to a loss of a trezor or nano s (at least there is no case publicly spoken about).


Both can be assumed to be secure. They are not 100% secured, but you can never achieve full security.