Why do you think, that hardware wallets are a bad way to hold bitcoins?
They involve trust.
Where did you get your paper wallets from? Did you run someone else's code (even offline) to generate them? If you did, your paper wallets also involve trusting that coder's skills and motives.
The only way to completely eliminate trust is to write the wallet-generating code entirely by yourself (which then adds the possibility of compromising your security by not doing it right).
I use an ancient open-source HTML address-generating program. I forget what it's called. I'm too lazy to fire up my non-internet-capable PC to see.
My trust is mainly in trusting that some eagle-eyed coder would have spotted any shenanigans long ago. I generally trust open-source.
That's the reason why open-source code is absolutely essential when it comes to anything relating to cryptography. Any closed-source code could have backdoors that only the creator knows about. Open-source code can be scrutinized and any backdoors spotted. If there are any, it will be suicide for the coder/company.
Trezor is also open-source and the oldest (10 years) and most popular h/w wallet out there, so the above applies to it too.
Also, although the coder may be innocent and with no malicious intent, he may be incompetent. For example, the random number generator used to add randomness to the wallet generator could be of poor quality, giving an attacker the ability to regenerate the random data, thus giving him access to all private keys that were ever generated by that algorithm. I think I read somewhere that this happened to a popular paper wallet generator some time ago.
The main thing is that trust has to be involved in some way, be it a paper or h/w wallet. I won't lie: my heart is always pounding when I check my coin balance on my Trezor...