Single or multiple vendors don't matter much AFAIK, because it's essentially working on the same ground. If let's say, one of the vendors went dead you can load the key on another wallet.

Both are fine configs imo. Even if one of the sig owner's computer got hacked then it's still okay as long as the others are still safe. Being online isn't necessarily bad in this case.