It could have been SD card, it could have been airgapped laptop, it could have been writing your seed phrase on a piece of paper.

Because you know, the "fancy" tools are there to protect from automatic programs. Things that don't suspect, but just try to infect as many computers as they can and grab what they find.

Now I agree that buying a prebuild means you're in that companies customer list and if that list is leaked (such as it has been in Ledger and Trezors cases) than that puts you at a risk that could be avoided with DIY, but I have a vendetta with USBs!

https://www.howtogeek.com/203061/dont-panic-but-all-usb-devices-have-a-massive-security-problem/