Great post!

I will say that I'm skeptical of the hardware wallets, because we still have to trust the firmware updates that come from the manufacturer, as well as the hardware itself (which I don't believe is open-source).

Most software wallets, on the other hand, are completely open-source. So long as we're careful about installing automatic updates (which could be malicious), we should be okay (maybe wait a few days before installing the updates to make sure there aren't any problems).

There are risks any way you slice it, and it requires a calculated approach.