Valid points. Has there been any case where a redirection malware has actually changed the destination address? This is why I do routinely check the first 6 and last 6 of each sending address. I know some of those redirection scripts are cleared out by Malwarebytes Premium but obviously if the malware is new or is relatively low availability in the wild then it probably won't get picked up on by the scanner's heuristics.
BIP143 (PSBT) has a known vulnerability to trick the user into signing a fraudulent PSBT by having the device constructing an error message. I think most of the HW wallet should've been patched but I'll need somone to confirm this. Other than that, I think generally it's possible to intercept the signing process and that's why HW wallet has a screen for you to check.
When I purchased my Ledger I heard about the Trezor vulnerability. I assume they would have changed the chip since then - perhaps they have not updated it. My Ledger requires a pin to be entered to access the device and clears the seed if it fails 3 times. Are the Trezor's still hackable with a pin/password if physical access is available?
They'll need to bruteforce it then. Just use a strong password but if I'm going to buy a new HW wallet, I wouldn't buy one that could potentially be hacked. A Pin/Password is a workaround, not a fix.