You present valid arguments.
One huge difference is that Coinbase provides 2-Factor Authentication.
Bitcoin user is infected with malware -> Bitcoin funds stolen.
Bitcoin user is infected with malware -> 2-Factor saves user's Coinbase funds.
Outdated. Two factor authentication is getting built into the Bitcoin protocol. In addition, there was a exploit for GOOGLE that let you bypass 2FA 10 days ago. Not just bypass 2FA, but let you access into anyone's account remotely.
Just think about it. Coming in from the field, unless you're a POI, nobody cares about your emails, nobody cares about your photos, nobody cares about your facebook. If you get hacked, it's not personal. But we DO care about your bitcoins, and honestly, I cannot thank you enough if you use an online wallet.
http://thegenesisblock.com/bitcoin-protocol-analysis-native-two-factor-authentication/Also keep in mind that malware can bypass 2FA already (hint: I've written one that bypasses blockchain.info, would be happy to adapt it for coinbase too but from "market research" the big BTC is stored locally or bc.info). And blockchain.info (which is a hybrid wallet, IE offline wallet running in your browser) has a shit ton more security measures than coinbase.
To recap:
it is impossible for online wallets to be safer than offline wallets simply because there is a bigger attack surface (web stack, employees, legal compliance, etc), and rational attackers always target the most lucrative target.
Online wallets don't magically have some bulletproof glass - they are running the a local wallet too, PLUS overhead (the online parts), PLUS employees, PLUS legal issues.
