You should never be generating a wallet, paper or otherwise, on a device with internet access enabled, for this very reason. The correct way to generate a paper wallet with bitaddress is to download the site, verify your download, and then transfer it using removable media such as a USB drive to a permanently airgapped machine running a totally clean OS. Most users would use a live OS such as Tails or another Linux distro.

I have a couple of paper wallets, and have used bitaddress in the past, but all my paper wallets are now simply in the form of a seed phrase and passphrase written down on separate pieces of paper. I did this for three reasons. Firstly, it is easier to spend coins from a seed phrase, in that I can import it to a wallet on an airgapped machine, make my transaction, and the change will return to the same seed phrase. If your paper wallet is simply a single private key, then you need to create a whole new paper wallet to receive the change, which is a hassle. Secondly, if someone discovers a private key, they can sweep all the funds. If someone discovers a seed phrase, they would also need the passphrase which I have stored separately, and so my funds remain safe. Third, for these wallets I like to generate entropy manually by flipping a coin, and manually convert my entropy in to a seed phrase, to minimize trust I have to place in third parties.

Personally, I use paper wallets, hardware wallets (only Ledger devices now since the multiple major flaws reported in Trezor devices: https://donjon.ledger.com/Unfixable-Key-Extraction-Attack-on-Trezor/ and https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/), airgapped wallets, and a mobile wallet. Mobile wallets are by far the least secure, but they serve a purpose of holding small amounts of day-to-day spending bitcoin which would cause me no financial issues if I lost.