Which attack do you think is out of range for the actual hackers who are making millions off of ripping off banks?
A centralized repository to secure multiple accounts is insecure by design, and is why I typically tell users to avoid bitcoin banks or exchanges for storing their savings.
I think the main thing putting you off was me mentioning the NSA firmware thing as a way to infect a live CD. While that attack is rare and expensive, you only need to write the malware once and you can infect millions of people with it. The NSA had the unit cost of their malware listed as $0, meaning an infection cost them nothing, they only had to pay the few million to make it, and I think that price is in range of criminals. So all the bad guys gotta do is write the malware once and then spread it to as many people as they can, so it doesn't matter if you have 1BTC or 1,000BTC, you could still be infected by multi-million dollar malware just as easily.
They cannot retroactively insert malware into existing and audited Linux images. Yes, there could have been an unknown vulnerability that was missed initially (i.e. Heartbleed), but this doesn't necessarily mean you are compromised and that your bitcoins will be stolen when you import part of your savings.
Like I said before, the RNG on a live CD is predictable, with some analysis with common computer hardware it may be possible to crack it. The RNG used on the website http://brainwallet.org was broken in a similar fashion and everyone who used it had all their bitcoins stolen. The LRNG would be harder to break than the brainwallet.org one of course, and it won't get everyone, some people may not have their funds stolen.
You are making an assumption that the Live CD is what should be used to create the paper wallets and not merely spend them. I agree that online generators are more vulnerable.
And when you burn the CD, how do you know the ISO you wanted was burnt? It is trivial to write up a piece of malware that could switch the ISO the burning software uses. You can protect against this by checking the CD again on another machine however.
And if you are burning it to a USB, if you happen to plug that USB in anytime in the future when you're running your main OS then the malware can modify the kernel and backdoor the RNG. I have a patch file right here that will backdoor the LRNG, it's insanely easy to do.
Yes, there are some extra security steps that must be checked and followed that most users will never do. This is why there are hardware wallets and devices like entropy... because they allow easy and good enough security for the average person.
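
The read-back check mentioned in the thread (checking the burned CD again on another machine), as an added example that is not part of any post: it hashes the ISO against a published SHA-256, then hashes the same number of bytes read back from the media. The function names, the `/dev/sr0` device path in the comment and the sample data are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images never sit in memory

def sha256_prefix(path, length):
    """SHA-256 of the first `length` bytes of a file or block device."""
    digest = hashlib.sha256()
    remaining = length
    with open(path, "rb") as fh:
        while remaining > 0:
            block = fh.read(min(CHUNK, remaining))
            if not block:
                raise ValueError(f"{path}: shorter than {length} bytes")
            digest.update(block)
            remaining -= len(block)
    return digest.hexdigest()

def verify_burn(iso_path, media_path, published_sha256):
    """Return 'ok', 'iso-mismatch' or 'media-mismatch'.

    media_path would be the device node (assumed: /dev/sr0) on a second
    machine. Only the ISO's length is hashed from the media, because a
    read-back from optical media or a USB stick carries trailing padding.
    """
    expected = published_sha256.lower()
    size = os.path.getsize(iso_path)
    if sha256_prefix(iso_path, size) != expected:
        return "iso-mismatch"      # the file on disk is not the published image
    try:
        media_hash = sha256_prefix(media_path, size)
    except ValueError:
        return "media-mismatch"    # media holds fewer bytes than the image
    return "ok" if media_hash == expected else "media-mismatch"

def demo():
    """Constructed data: a fake image, a padded good copy, a one-bit-flipped copy."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.urandom(3 * CHUNK + 123)
        published = hashlib.sha256(image).hexdigest()
        tampered = bytearray(image)
        tampered[2 * CHUNK] ^= 0x01
        files = {"image.iso": image, "good.bin": image + b"\0" * 4096,
                 "bad.bin": bytes(tampered) + b"\0" * 4096}
        paths = {}
        for name, data in files.items():
            paths[name] = os.path.join(tmp, name)
            with open(paths[name], "wb") as fh:
                fh.write(data)
        return (verify_burn(paths["image.iso"], paths["good.bin"], published),
                verify_burn(paths["image.iso"], paths["bad.bin"], published),
                verify_burn(paths["bad.bin"], paths["good.bin"], published))
```

The published hash has to come from a channel the burning machine did not control, otherwise a swapped ISO and a swapped checksum would still agree.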