Yup, clearly, a connected device will never reach paper wallet security
until you want to spend it
(that should be a new meme ...)
Create a transaction offline, sign offline, broadcast
Over
But in real life, I have used your solution to sweep a private key