A thread was created yesterday about this:
Trezor hacked (again)Problem is not only for Trezor but for most hardware wallets and devices that use STM32 microcontrollers and most wallets are using them.
They are used in billions of devices around the world, not only in hardware wallets and it's scary when you think about it, even without flaws some agencies could add backdoor for spying inside this chips.
Trezor already fixed the issue in latest firmware versions and wallets no longer copy or move the key and PIN into RAM but in protected part of flash that is not affected by firmware upgrades.
---snipped---
We should always follow the appropriate way which is sending your coins to another offline wallet if any hardware wallet is stolen. Also the use of passphrase which is also advisable for Trezor users because passphrase are not stored on the hardware wallet device while nnew different keys and addresses are generated from the same seed phrase.