Simply being offline does not solve all security problems. If you just turn off your Internet connection, that's nearly useless, because keyloggers would report back to their servers as soon as they will get a chance. And even airgaps don't protect you from malicious wallets. You need to understand that you're putting your trust in whatever method you choose to generate your private keys, and the best way to put your trust is to use open-source projects with decent community, because you're not just trusting developers, you're also trusting hundreds if not thousands of users who verified the codebase, so the chance of malicious code is very low.