Hardware wallets (Ledger Nano S) need connecting to a PC, and the PC is online.
The private keys still don't leave the Ledger device, regardless of whether it's online or not. My point still stands.
"Your private keys are held in a Secure chip, and they never leave it. Whenever a transaction is signed within the Secure chip, the private keys never become visible to the computer the Ledger device is connected to. A compromised computer will never be able to access the contents of the Secure chip."
Read:
https://support.ledgerwallet.com/hc/en-us/articles/360000380313-Discover-our-security-layers
While, I think the biggest problem of hardware wallets is the seed-words backup issue. Key loss is a bigger threat than theft for most users.
This "issue" you're referring to is an "issue" of all wallets that are using 12-24 word seed backups, not just hardware wallets.
1. Without an airgap, no one can confirm "keys will not leave device". iPhones/iTouch also have the keychain (Secure Element/chip) and an application sandbox mechanism, of which it can also be said: if the iPhone is not jailbroken and the wallet app does not disclose your keys, then no one can touch your private key on the device (iPhone).
2. Multisig and redeemable addresses can solve the backup "issue". One key that is encrypted and backed up will never be lost; the other cold keys have airgap protection.
3. I still think most people will forget and lose their bitcoins themselves. So for users who are not familiar with tech and neglect data backup, using a soft wallet, or even a web wallet, is not a completely wrong choice.