Paul bought the hardware wallet with the intention of better security, but the power of better security from the hardware wallet isn't utilized because his portfolio is still connected to the software wallet which means if he loses his seed phrase written down on a piece of paper, then access to his coins is also lost.
You would lose access to your coins on a hardware wallet as well if you lost the corresponding recovery phrase. So it doesn't matter if that seed is used on a software or a hardware wallet.
The best he should have done imo is create a totally new wallet on the hardware wallet and sent the coins from software wallet to this hardware wallet without forgetting to backup the hardware wallets seed or private key.
OK, we are moving in the right direction. You are saying that he should create a new wallet on his hardware device and generate a new seed. Why can't he use the old seed that was entered in a hot wallet? Is that not a good option and why not?
A small correction in regards to your quote. When you are using a hardware wallet, the private keys remain on the device at all times. You don't have access to them. They are only used during the transaction signing process. There are advanced methods to get them them out, but that's another story.