Hardware wallets(Ledger Nano S) need connecting to PC, the PC is online.
The private keys still doesn't leave the Ledger device; regardless if it's online or not. My point still stands.
"Your private keys are held in a Secure chip, and they never leave it. Whenever a transaction is signed within the Secure chip, the private keys never become visible to the computer the Ledger device is connected to. A compromised computer will never be able to access the contents of the Secure chip."
Read:
https://support.ledgerwallet.com/hc/en-us/articles/360000380313-Discover-our-security-layersWhile, I think the bigest problom of hardware wallets is seed-words backup issue. Keys loss is big threat than theft for most of users
This "issue" you're referring to is an "issue" of all wallets that's using 12-24 word seed backups, not just hardware wallets.