The only reason keys were compromised because the key-generator itself is compromised(we weren't aware of that).
But the process of key generation was secure as we never connected any of the devices to internet.
It's a "weakest link" thing: all it takes is one fuckup and all other components of your security become irrelevant.
Let's say someone brute forces(say with some quantum computer) 52 char key combinations and lands on your wallet and drains your wallet.
Who is at fault? Did you follow an insecure process or is it because the generator you used wasn't strong enough?
Are you seriously comparing using well-known compromised malware for key generation to something that's generally considered as being completely impossible?