Agree with point 1, but point 2 is confusing.
A good hardware wallet is meant to reduce the need of trust in the OS and physical security of the device. So in my opinion, the safest wallets' security should not depend on the system it is running on / the building it is placed in.

That's their entire point: you stick that thing into an infected machine? Software can't do anything without you confirming a receiving address on the wallet's screen & entering some sort of passphrase. Someone breaks into your house or steals it from your bag? Can't do anything without passcode & reading out the memory isn't possible either.

Not all hardware wallets fulfill these requirements (e.g. ones without secure element can be read out), but any falling under the safest category should and do exist.