Even if how safe they or even trusted ones still there might be a loophole for hackers to penetrate and we need to be careful on those possible attacks so that we will not get any problem for using that wallet. I'm using metamask for long time but so far for my experience using it didn't much encounter any major issues.
Of course software wallets cannot be more secure than hardware wallets, but software wallets like metamask or trustwallet are safe enough to use in my opinion. How safe it is depends on who uses it, most cases of attacks or unexplained asset loss are due to user error, not wallet fault. A lot of people also use online wallets for years and never have a problem, but there are also many people who get hacked often. If you are knowledgeable and know how to protect your assets well then you don't need a cold wallet but if you are not good at it, a hardware wallet is the best solution for you.
There are always loopholes for wallets like trustwallet to be hacked. Usually the thing that often happens is that hacks start when they send spam tokens or coins, that is something that happens very often. Access to our wallet can be done if we make transactions with the tokens or coins they sent earlier (spam coins). I personally have been using trustwallet and metamask for a long time and so far nothing has happened. I've also received tons of tokens or coins that I don't recognize, but as long as we just ignore them nothing will happen.