Risk of getting hacked is basically nil. If someone gets ahold of your device they still have to enter the PIN to access it, and it will brick itself after too many (13 I think?) failed attempts.

Greatest risks have to do with seed phrase backup being lost/destroyed/stolen. When you set up the coldcard it will test you to make sure you didn't make a mistake when you wrote down your seed phrase so a that's nice feature.

Being able to use it air gapped with an SD card means it never interacts with an Internet connected device.

The device is built to last 25+ years, that's why it doesn't have a battery inside it. But having your seed phrase backed up offline in a secure location is paramount.