Generally:
No closed-source, web- or online wallets.
Your wallet can only be as secure as the system it is running on / the building it is placed in.
Agree with point 1, but point 2 is confusing.
A good hardware wallet is meant to reduce the need of trust in the OS and physical security of the device. So in my opinion, the
safest wallets' security should
not depend on the
system it is running on / the building it is placed in.
That's their entire point: you stick that thing into an infected machine? Software can't do anything without you confirming a receiving address on the wallet's screen & entering some sort of passphrase. Someone breaks into your house or steals it from your bag? Can't do anything without passcode & reading out the memory isn't possible either.
Not all hardware wallets fulfill these requirements (e.g. ones without secure element can be read out), but any falling under the
safest category should and do exist.
A hardware wallet is not running on your computer. The sensitive data is only handled within the secure element (speaking about hardware wallets which actually have such a security mechanism).
Therefore the 2nd point still applies. It is a concept applying to every software/hardware.
Just because you use your PC to communicate with your hardware wallet, the keys are not handled by the PC. The crucial system here is the hardware wallet. I could have made that clearer.
A hardware wallet can be only as secure as the hardware is (e.g. vulnerabilities in the MCU or SE).
The same applies to a software wallet, taking hardware, software, network connectivity etc. into account.