Assuming my PC isn't infected with any spyware, etc......
Is that a realistic assumption? What attacker do you have in mind when this is not the threat you want to defend against?
1) I get the bitaddress.org file downloaded to my PC. I disconnect from the internet and generate a paper wallet.
I copy and paste my public address into notepad, or whatever. I make backups of that address and store in different places.
You don't need backups of the address(es). You can literally tattoo it on your forehead and it's no security risk.
2) Regarding the private key, I'm still offline, I simply write down on paper the private key and make copies of it too and store accordingly (IE: it never gets used in the online world until I'm ready to move the bitcoin.)
Once I have my both address and key stored, I would shut down bitaddress.org.....clear all my history, etc from my browser, then "wipe" the free space on my hard drive. Then I'd reconnect to the internet. The Private key has never been seen by anyone but me.
Why all these steps if your first assumption is that your machine is clean? How do you "wipe" free space on your hard drive?
3) I use Mycelium wallet (or any wallet really) to send bitcoin to this new public address.
As long as I keep my private key safe, isn't this effectively 'cold storage?' And is this correct? (all of the above)
It's offline and thus "cold", yes.
I do have one question though....which is still bothering me. I would be sending bitcoin to this public address on a weekly basis from Mycelium wallet. But I've also read you shouldn't reuse addresses or send to the same address over and over again.
It's a privacy issue, not a security one. If you are the only person sending coins there and you don't give the address to different people, it should reveal no information about you and the amount of coins you hold.
I assume at some point, hackers are going to figure out how to break Mycelium. And I'm fine losing $100 or so from the wallet....and yes, they would in theory then see all this money I've sent to the public address....but if the private key has never seen the light of day in any digital form....I don't see how they could break into that address.
However they "break" the wallet, they can't get the private key from the address held offline.
I would strictly be using this new address to "stash" or build a "nest egg" of BTC. ---- Do I have the security correct, or not? Please advise. Thanks.
I can't answer this question without knowing against who and/or what you want to protect yourself. If you are concerned about someone in your family, this would be terribly insecure as they could just grab your paper wallet. You also just said you want to store the private key "in different places", but no information about these places? Could they all be affected by the same fire? Could they all be affected by the same large-scale (flood affecting your city or similar) catastrophe? What exactly are you worried about? If you can answer all of the above questions for yourself, you should be fine. If not, think about them. Security is never 100%, so make sure you know about the percentage(s) your setup does not(!) protect against.
Edit: typos
Yes it seems a secure way.
Why do you think so?
Better yet, you can use a Linux system to handle the job. I am not saying it is risk free but there is much less spyware/malware/trojans created for Linux systems. So your chances of getting robbed are much less.
Why do you suggest Linux if OP explicitly said they don't worry about spyware etc.? Plus, the number of viruses of a specific OS matters little; a single one is enough to shatter your security setup. Linux and MacOS have malware as well; it's not magically immune just because there is less of it.