So when and how bitcoin wallets in mobiles and desktop is considered to be insecured too? The difference is only the latter needs installation.
There is a big jump from a website to a mobile and desktop wallets! When you open a website you have no idea what you are running and what you are sending to that website's servers and you have no way of knowing it. But with a desktop/mobile wallet you have a choice to download and install what is open source so you can verify that it is not doing something malicious.
Truth to be told
many most have no idea what they also install. Even in the rare cases the program has its source code at hand, they won't read it, clearly won't build it themselves. And the compiled binaries may or may not be from the source code you'd expect. Verifying the traffic one program makes is something also very few people do.
Indeed, there's still a big step, since a website can offer different page for a while and steal information and deny it, while 90% of the time operating clean. This is much less likely with installed programs. But most people don't understand software and don't care much either.
Some will look whether this or that is labeled as legit or scam, and
that's all. I fear that we're expecting too much from the average Joe... (hence I am happy when this kind of questions pop up - they give a chance to a few more get on the right track).
Something more: I fail to understand why are people still focused so much on classical paper wallets when they can run Electrum (either safely installed and verified, either from Tails OS), generate a seed and a few addresses and.. done.
