If there are hidden cameras everywhere, all hardware is NSA hacked and user is not looking at the screen before sending all his money to thief, then the user probably cannot do safe transaction with credit card either. [ ... ] So what can be done that would in your opinion make this safer than your credit card? If I have hacked computer, then thief can steal my money from my bank account. If I have cameras in my appartment, then he might steal from me as well. I have received my computer, credit cards and bank details by post and if NSA or goverment wanted they can block and empty my bank account whenever they wanted.
As I wrote, using a Trezor is surely safer than entering or storing keys in your PC or laptop, and you may even dare to use it on a random cybercafe computer (which you should never entrust with your keys).
However, users must be aware that the risk of theft is still not negligible, and they must still be very careful when using the Trezor -- even more than when using credit cards or home banking.
Consider the entire process of stealing money from your account or credit card, including what the thief needs to do to get the cash in hand once he has stolen the PIN or passwords, and what you can do once you discover the theft. Bitcoin makes the theft much simpler and safer for the thief, and he can effectively collect bicoins stolen from thousands of wallets on the same day, without even being logged in at the time. Bitcoin thefts have proven to be nearly impossible to solve; the stolen coins cannot be blocked or seized, and are easily laundered with little risk.
For those reasons, and more, bitcoin is extremely attractive to professional cybercriminals. It is no wonder that there are already more bitcoin thefts than credit card thefts, in proportion to the total e-payments.
I think that it is important to talk about these risks and educate users. But if there is nothing what can be done, then engaging in such discussion is useless.
Of course it is very important to discuss these issues. I don't know the details of the hardware & software, but I am sure that its safety can be improved in many ways.
For example, it is still not clear to me whether there is any practical way to check that the firmware that is loaded in a particular Trezor device is the official one. (This is the fundamental fatal flaw of every all-digital voting machine design, and there is still no known solution for it.)
The problems you describe (like the anonymity, etc.) are the features of BTC and these are thus inherent to all BTC wallets. Once you are robbed, you can do nothing about it. I agree with you. That is not a bug, that is the feature. I know that this makes BTC attractive to the criminals, but I disagree that this makes this device less secure.
I'm not sure whether you can verify the firmware running on the device, but you can always flash it with the latest firmware from the website or your own build. That said, there is still bootloader that might be hacked, but that would have to happen in production because it cannot be overwritten. That would be equivalent to having a fake one.