Also, there is a rather short limit to the longest transaction it can sign. That makes its functionality for doing things like signing contracts limited. I suppose you could make a hash of a contract and sign that hash though. Probably worth it for the security that you would gain from using a Trezor instead of keeping the keys to your online identity on a computer. I wonder if people will be able to get used to and accept signing a hash of a contract rather than signing the contract itself.
That's normally how signing works (with PGP, and I assume with other systems as well). Does signing a message with a Bitcoin private key not create a hash of the message as an intermediate step? Or is the Trezor implementation missing that? Is there a specification for how message signing and verification should be done?
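An added example, not part of either post above: hashing a long contract down to a short message, then computing the digest that the common Bitcoin signed-message convention (length-prefixed magic string plus message, double SHA-256) puts under the ECDSA signature. The length limit, the `sha256:` message format and the function names are assumptions made for illustration, and the ECDSA step itself is left out because it needs a secp256k1 library.

```python
import hashlib
import hmac

# Assumption: placeholder limit for illustration, not the device's real figure.
MAX_DEVICE_MESSAGE_BYTES = 255
MAGIC = b"Bitcoin Signed Message:\n"


def compact_size(n: int) -> bytes:
    """Bitcoin's variable-length integer, used here as a length prefix."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")


def contract_commitment(contract: bytes) -> str:
    """Short, fixed-length text that stands in for the full contract."""
    return "sha256:" + hashlib.sha256(contract).hexdigest()


def signed_message_digest(message: str) -> bytes:
    """Digest the signature is computed over for a text message."""
    body = message.encode("utf-8")
    if len(body) > MAX_DEVICE_MESSAGE_BYTES:
        raise ValueError("message exceeds the signer's length limit")
    data = compact_size(len(MAGIC)) + MAGIC + compact_size(len(body)) + body
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def commitment_matches(contract: bytes, signed_message: str) -> bool:
    """Verifier side: recompute the hash from the contract actually received."""
    expected = contract_commitment(contract).encode("utf-8")
    return hmac.compare_digest(expected, signed_message.encode("utf-8"))


# Constructed sample: a contract far longer than the assumed limit.
CONTRACT = ("Clause: the parties agree to the terms below.\n" * 200).encode()

if __name__ == "__main__":
    msg = contract_commitment(CONTRACT)
    print(len(CONTRACT), "byte contract ->", len(msg), "byte message")
    print("digest to sign:", signed_message_digest(msg).hex())
    print("tampered copy accepted:", commitment_matches(CONTRACT + b" ", msg))
```

A valid signature over the short message only binds the signer to the contract if the verifier also runs the `commitment_matches` step against the exact bytes of the document they were given.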