Just use Bitcoin Core as a wallet too, but in a separate airgapped safe computer. In an online computer, you run the full Bitcoin Core node, here you have watch-only addresses to see actually how much money you have and keep track of finances. In an airgapped computer, you run Bitcoin Core node offline, and store the keys there for offline raw transaction signing. This is the best possible scenario that I can think. Electrum's seed thing is unsafe due possible key derivation schemes and having your wallet.dat safe is a better alternative unless someone can prove me wrong.
Electrum is by no means "unsafe" in the strict cryptographic meaning of this word, if it was, there would be tons of warnings by experts, like it happened when the last vulnerability was found. If I understand you correctly, you are referring to the vulnerability that requires the knowledge of both master public key and any of the individual private keys. To obtain those keys, attacker would need to either break into the system or use some social engineering to convince the victim to give those keys up, which essentially would mean that any crypto system would be defeated, because they all rely on total secrecy of crypto keys. Realistically, this vulnerability could only be exploited in some big organization when multiple people need to access the same wallet, and someone decided to just give individual private keys from different addresses, not knowing that when combined with master public key, all other addresses get broken. But if someone uses Electrum as their own private cold storage, there's no huge difference in security between it and Core, and this is why Electrum became so popular - it has very good user interface with good functionality, especially for cold storage.
I see an huge risk. In one hand it makes sense that if someone manages to get just one private key, it would mean your entire security model is weak, but still, im so paranoid about the fact that all future keys generated forever in your Electrum wallet would be compromised due seed derivation. The attacker may not automatically steal all of your funds (as they would do if they got possession of a classic wallet.dat file), because the attacker may way for a long time for you to create a booty big enough to pull the plug. So as you receive payments and buy more and your stack grows the incentive goes higher for the thief to move funds.
We must consider all possible angles of attack. I think it may not be worth the risk, I will stick to wallet.dat, even if it sucks not being able to "have your wallet in your head".
