I build systems from parts. (I mean, most miners do, right?) Motherboard, RAM, graphics, hard drive, etc. Most people who can do that know whether a system they are building is secure or not.
The topic about the TrueCrypt keylogger is called the Evil Maid attack. Do a little research; it's not as bad as it sounds, and it can easily be checked even if you leave your hardware unattended and quite possibly tainted.
As for cold wallets, just like passwords, it's a good idea to change them every now and then. The design of bitcoin is such that one layer of "protection" is removed when you spend anything from an unspent address.
But, for example, the best addresses to target are static ones that accept a lot of inputs, and have already spent some, since you now know the public key. Note that the public key is not the same as the bitcoin address.
Satoshidice comes to mind; I don't think they've ever changed their betting addresses, and if you manage to get the private key to any one, you'd have a lot of bitcoins. No one has ever cracked that one. (I think, I don't remember if it has been breached.)
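
Added example, not part of the original post: a Base58Check decoder showing that a pay-to-public-key-hash address carries only a version byte, a 20-byte hash and a 4-byte checksum, so the public key itself is not in the address. The sample hash is constructed (a truncated SHA-256 standing in for a real HASH160 of a public key), and the function names are this example's own.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(data: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version: int, payload: bytes) -> str:
    raw = bytes([version]) + payload
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as a literal '1'.
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_decode(addr: str):
    """Return (version, payload); raise ValueError on a bad character or checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)  # index() raises ValueError for non-Base58 chars
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("bad Base58Check checksum")
    return raw[0], raw[1:-4]

def address_reveals_pubkey(addr: str) -> bool:
    """A compressed public key is 33 bytes, uncompressed 65; a P2PKH payload is 20."""
    _, payload = b58check_decode(addr)
    return len(payload) in (33, 65)

# Constructed sample: stand-in 20-byte value in place of a real HASH160(pubkey).
SAMPLE_HASH = hashlib.sha256(b"constructed sample public key").digest()[:20]
SAMPLE_ADDR = b58check_encode(0x00, SAMPLE_HASH)

if __name__ == "__main__":
    version, payload = b58check_decode(SAMPLE_ADDR)
    print(SAMPLE_ADDR, version, payload.hex(), len(payload))
    print("address reveals public key:", address_reveals_pubkey(SAMPLE_ADDR))
```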