Cold signing transactions on an offline device seems like the way to go. It would be pretty much impossible to broadcast a private key from an offline device.
It becomes quite clear to me that generating the master keys themselves becomes the most obvious attack vector. If someone gets tricked into downloading bogus software the attacker can know what the master password is going to be before it even exists.
It is my belief that I should create a system that allows you to create the master seed dynamically with your own brain power, rather than relying on some "random" algorithm. I guess we could call this a proof-of-brain solution.