it's better to buy it in a physical store,
Only if that store belongs to an official reseller...
- Perform all hardware steps alone, in a quiet area. Mask all cameras, and never type or take a picture of your seed on your mobile or computer, even offline.
In addition to these things, we should also worry about devices that come with a microphone
[sometimes we involuntarily read stuff out loud, and there's always a chance that someone else might be listening at the other end].
- If seed and PIN are lost, there is no way to retrieve funds
That's true in most cases, but if you happened to have an outdated
[version 1.6.0] Trezor One, then it's a different story:
Trezor hacked (again)