You're totally right. For most, a secure element hardware wallet with a simple 6-digit PIN will do. They're open to attack from the secure element manufacturer and state intelligence backdoors, but they're also likely completely KYCed and have no on-chain privacy, so the state is not in their threat model anyway.
If one has larger holdings, hiring nostr:nprofile1qqs0w2xeumnsfq6cuuynpaw2vjcfwacdnzwvmp59flnp3mdfez3czpsprpmhxue69uhkummnw3ezumr0wpczuum0vd5kzmp0ksxxx2 and having his company or another competitor set up an elaborate multisig setup would be ideal. That way they handle all the cypherpunk security stuff.
For us autistically obsessed cypherpunk types, yeah, we are going as hard as possible, mainly for fun.