What you really want is a hardware wallet(trezor) that hooks into metamask. That way you have the usability of the plugin without the risk that it can take all your money
The people who sell them - and many people in their supply-chain! - are handed the very dangerous combination of:
A) Being able to hard-code software into the silicon whose source code you will be completely unable to inspect unless you own an electron microscope and a very large amount of knowledge on hardware reverse engineering. What if the hardware forces the PRNG to be predictable so they can remotely know my crypto's private keys without any internet connectivity whatsoever?
B) Knowing 100% for sure that the device they sell will be used to store money. They don't need to first find victims, they know ALL of their customers can be. It's like writing "MONEY INSIDE" on your house IMHO. Better use a general purpose PC whose vendor doesn't know what it'll be used for.
Trezor is open source, and you could generate your recovery seed on a computer and import it onto your hardware wallet. I believe Ethereum and some other cryptocurrencies prefer to use deterministic signatures on transactions, so in theory it's possible to check that all of the signatures generated by the hardware wallet match the expected deterministic signatures so you can know that the wallet isn't secretly leaking information through the signatures it's generating.
