Yea, that guy is fuckin' great eh!?
So to summarize. Keep your HW in a safe
To summarize I might say: whether it's an exchange or a daily-carry hardware wallet, "Don't keep ALL the eggs in one basket." From talking with a few users and seeing responses to HWs online, I believe that many users feel they are a "silver bullet". The greater the attack surface, the greater the risk.
Fundamental understanding of crypto keys and how digital signing works is key to any solution. The other factor which you have alluded to that can greatly increase likelihood of success is operations/process management.
I figured yesterday that as soon as you noticed your HW wallet is stolen transfer the funds so the secret key they'll find will be worthless to them. Not sure how long it takes them.. ?
The guy is funny! Admitting his mistakes and all LOL!