Actions on Steem are transactions, signed by our keys, just like any cryptocurrency. The difference is that we have extra types of transactions... but it all works the same way.
People with hundreds of Bitcoins don't keep their keys on their PCs. They keep "watch-only" wallets on their PCs which construct transactions for their dedicated offline device to sign. The PC only ever sees unsigned and signed transactions... never the keys.
Baby steps... the first part is removing transaction signing from apps. There is a balance to be struck between convenience and security, but the average Steemian's current workflow is heavily biased in favour of convenience, at great cost to security (as evidenced by the multiple phishing epidemics we've had in our short couple of years).
That's not right, and I want to change it.
Bitcoin transactions, particularly from offline wallets that are infrequently used, can be handled very differently from transactions done on a social media app. If you're using a Steem app, it would be very impractical to have each upvote, comment or whatnot signed by an offline device.
One pretty straightforward way to improve security is to have any large amounts of SP or liquid STEEM and SBD on accounts that very rarely interact with the blockchain, and have those accounts delegate SP to your daily posting account.