Just be careful in assuming that your ColdCard is completely safe. Just because an attack like this has only been demonstrated on a Trezor, doesn't mean a similar one (or indeed, a completely different attack) is not possible on a ColdCard, a Ledger, or any other hardware wallet.

I don't own a Trezor, but provided you realize that someone has physical access to it, and you have your seed backed up properly, then you should still have ample time (provided any reasonable length of passphrase) to sweep your funds to a new wallet.

Secure enough. With enough time and access to a lab with electron microscope (or money to rent such a thing), your seed is probably extractable from any hardware device. The hardware wallet buys you enough time to retrieve your mnemonic phrase and sweep your funds to new wallet.