Could people share some thoughts on whether there's any scenario where we could potentially lose our funds without clicking any malicious link in our Solflare or Phantom wallet? Just by holding assets in them?

If no, then why would one need cold storage?

  • Kumomax1911@alien.topB
    10 months ago

    Has nothing to do with signing a malicious contract. Hot vs cold wallet discussions are about where your private keys are best stored.

    What seems like a better method to store your passwords? On your phone or on a device that doesn’t share it with anything? When comparing hot vs cold you are comparing how you store your keys. Your keys are your passwords. HW wallets also offer an extra layer of protection against your greatest security weakness. You. It forces you into additional steps before doing something stupid while being phished. Phishing is behind 99.999999% of any story related to someone losing their funds.

    Software wallets obviously encrypt, but you can be safer with cold storage. We’ve seen attacks in the past where the auto “update software” feature of a software wallet was compromised. Users would then unknowingly update to a malicious new version that asks them to re-confirm their keys. They then lost everything. This wouldn’t be something that would affect as many HW wallet users, as those users should know they will NEVER be asked to input their seed in any other way besides using the device itself. This means no typing in. No malicious software to catch it. Yet, some will still fall for these tricks.

    TLDR: Software wallets work well enough as they encrypt. Are there very rare situations that this may not be enough security? Yes. This has nothing to do with visiting a website that links to a bad smart contract. This is just phishing. Any sizeable amount of wealth should still only be connected to a key stored offline.