I have warned for awhile about these hardware wallets. I’ve never trusted them as you truly don’t know what is in the hardware or firmware and if it could be extremely vulnerable. As bad as it sounds a traditional, secure PC is still the safer way to handle your cryptocurrency.
A teenager stumbled upon a vulnerability by noting the CPU that controls the private keys cannot differentiate between authentic or user made firmware. This CPU is used to transmit data including keys. Without much effort he was able to compromise this supposedly secure hardware wallet.
On top of that it looks like Ledger tried to downplay the issue and brush off the teenager who warned them of the vulnerability. In all fairness physical is required but that’s not good, you shouldn’t worry that if your hardware wallet is found that someone could easily extract your private keys and coins from it!
They’ve also recently admitted another vulnerability exists where attackers could trick users to send out their funds to hackers.
For this reason I still don’t recommend hardware wallets, you are much safer on a secure computer.