I hope people won't break into homes just to get a Ledger. It'll help if you keep it in a safe or somewhere obscure but it's PIN code should nullify the effectiveness of any physical attacks, barring any zero day exploits on that appearing any time soon.
People willing to break in to your house to look for a Ledger aren't going to have three goes at guessing the PIN and then give up and leave empty handed. The concern is with $5 wrench attacks compromising the physical safety of everyone in this database. Everyone involved should set up multiple passphrases if not using them already to give some form of plausible deniability, as well as examining their physical security.
And buy them offline? Sadly not everyone can fly around the world to buy some stuff.
If you can't buy in person, then I think the next best option would be as follows:
Create a brand new Amazon account over Tor with a fake name and address and a brand new email address
Buy a hardware wallet using a gift card you have bought with cash or mixed bitcoin
Ship it to an Amazon locker, hub, or pick up point which only requires an email confirmation and not any ID to collect
I've not actually tried this myself though, so I don't know if Amazon would throw any spanners in the works. You could also replace Amazon with any other company which would ship to a pick up point or similar.