Online Wallet
So, I assume you know online wallets. If you have your money in one of those (like e.g. your steemit account), then all the secret data concerning your money is stored on some server somewhere on the internet. There are several risks with that:
Someone could steal your password and thus gain access to your money. In a browser situation, this will most likely happen through a phishing-mail, cross-site-scripting or some nasty malware on your computer.
The server itself could get hacked, independently of your account. In that case potentially everyone that uses this specific service would loose their money.
The owner of the server could be dishonest and simply take away all your money. (This is mainly a concern with services that are not very well established yet)
Software Wallet
Then there are the software wallets. There, all the secret data concerning your money is stored on your computer. And only on your computer, unless you make some kind of backup. This is good because this way there's no server that could be hacked, and also no online login-data that could be stolen. But it brings other problems. Most notably there's the problem that you can never really be certain that your computer is not infected with some sort of malware. If this malware is clever enough, it can quite easily steal your money. In the end, it's not that much safer than a good online wallet.
Hardware Wallet
Then there are hardware wallets, like the Digital Bitbox. With those, all the secrets of your wallet are on the physical device. And they never leave the device. There is actually no way someone could steal the secret data from the device, except they steal the physical device and use some VERY sophisticated techniques to extract the data from the hardware directly. There are usually guards against that in place. Ok, so stealing the secret data is no longer an issue. But malware on your computer could still simply USE the Digital Bitbox once it is plugged into your computer to make payments without your knowledge. That's why there is a touch button on the device. No payment is made unless a human touches this button for at least 3 seconds. Until your computer can grow a real finger, this is a pretty big increase of security