As long as you verify the signature on the software you have downloaded (or built if from source, verifying the sig on the tag), you know your wallet software isn't compromised. Here we're assuming the developer is well established and trusted. This will be our premise for the practical attacks on air gapped signers. We're also assuming there isn't just someone able to point a camera at your screen/keyboard when you type in your password then walk in and steal the signer. We're only addressing software attacks.
How about this kind of software attack:
1. Someone some how detected that I downloaded Armory
2. While copying the armory to my offline PC the attacker succeeds to also copy another malware file also through the USB hardware
to my offline PC (the armory itself is valid but he has another spying file).
3. When creating the offline wallet the malware is there spying.
4. When I am copying the watch-only wallet file with the USB hardware to the online PC the attacker passes again a hidden file with all my private keys to the online PC.
Is this kind of attack is not something I should be worried about?
Thanks again!