I never had a Trezor to test this, but my understand is pretty much what you describe. As long as the host is not infected durring the creation of a transaction you are golden. You keep the Trezor around and only need to plug it in to send bitcoin.
A trezor can not be infected with virus right? If my personal everyday computer have virus, and I plug in the Trezor, it doesn't infect the Trezor right? But with a external harddrive, it could?
Electrum handles change as a good wallet should, by default. As in: it creates a new address for every time a change transaction occurs. Here [1] is a very good explanation (IMHO) with pictures.
I think I asked earlier in the thread about if electrum creates new addresses, because I didn't keep track of all of them. But it looks like it does.
I read through the link you attached, but didn't understand the most of the Seeds and Change Addresses part. However, I think I shouldn't even bother to mess with that one, then hopefully, all my coins are safe.
And yeah, don't bother with private keys either, if you use a wallet like electrum with a seed. Just keep a copy or two of the seed, and it should be good!