There are two types of passphrase. An encryption for the seed or an extension for the seed. The former is recommended for Trezor as there is an unfixable vulnerability which allows for an extraction of the seed given physical access to the device. An encryption on top of it would make the attack practically useless.
Please, never mind this, I do not get your point here. The encrypted passphrase should be BIP38 right? Which is also even called password, correct me if wrong. But, the hierarchical deterministic wallet only follow the BIP39 passphrase standard which is generated through salting in which making seed phrase to generate another keys and addresses entirely, this are the passphrase which make use of extra words, and it is what is supported by Trezor. BIP38 is used for wallets like paper wallet, not hierarchical deterministic wallets.
My biggest concern is that someone may hack it while I'm connected to my PC while I'm in Trezor Suite desktop app.
You will need to operate your wallet in a safe environment, making your computer to be completely safe from malware.
Like,what if someone can hack it while I'm making transaction or if I catch spy malware or some virus or someone infiltrate my PC without my knowledge?
You need to know ways to protect your device, making it not have malware. You will need to learn this before making use of bitcoin at all. Learn how to use your device in a way you will stay away from alware.
Also,now when I set up Trezor and wrote down seed words as well as PIN,do I have to worry about anything else or is that all I need to have excellent protection?
The most important is the seed phrase, you need the pin to access your wallet, but if you are import the seed phrase to another wallet, the pin is no more needed. But remember what I posted above, that if the passphrase is included, you will need it along during seedphrase importation.
In case you later decide to use passphrase. This warning will be helpful:
Important characteristics
The passphrase is not stored anywhere on the device. It is only used temporarily whenever you enter it.
A passphrase, as implemented in Trezor devices, can be any character or set of characters, a word, or a sentence up to 50 bytes long (~50 ASCII characters).
Passphrases are case-sensitive - lowercase and uppercase characters are distinguished and count as different.
A space (blank) is a valid character.
The passphrase and recovery seed belong together. Neither can be used without the other if you sent your coins to a passphrase protected wallet.