And not to mention the physical confirmation of transactions. No malware, no matter how well-constructed, has yet learned how to physically confirm a transaction sent out with a hardware wallet. With software wallets, that's often the case, as we can see with the various fake Electrum apps that empty the bags of users after installing or inputting the seed.