When I want to dump my privkey I have to put in my password, but why is it visible and not hidden by asterisks? I mean, if someone installed some malware he can just read my password, so that's a risk.
If a malicious actor gets to install malware on your computer, he has full control over your PC.
This means once you open your wallet, the malware will be able to move all your funds out (assuming the malware is aimed at this task).
Even a keylogger would gain access to the password. Making it 'invisible' when typing doesn't add anything regarding security (except maybe that nobody can stand behind you to get the password).
Also, those online paper wallet generators are a risk. What do you people think about that?
Do not use them.
Even if you use them offline, they might have a smaller key space.
The best would be to use a proper wallet (e.g. core or electrum) on an offline machine, generate a few private keys, write them down together with the addresses.
If you do this on a Linux live system (USB live boot), after a shutdown all information will be gone.
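
The "smaller key space" concern from the reply above, as an added example that is not part of the original thread: a key can be 256 bits long and still come from a tiny set of possibilities if the generator behind it is fed too little entropy. `weak_generator_key` and its 16-bit seed are a constructed, hypothetical flawed generator, not code from any real paper wallet site; `csprng_key` shows the contrast using the operating system's CSPRNG.

```python
import hashlib
import math
import secrets

# Order of the secp256k1 group; a valid Bitcoin private key k satisfies 1 <= k < N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

SEED_BITS = 16  # constructed value: entropy of the hypothetical weak generator


def weak_generator_key(seed: int) -> int:
    """Hypothetical flawed generator: stretches a small seed into a 256-bit key."""
    digest = hashlib.sha256(seed.to_bytes(4, "big")).digest()
    return int.from_bytes(digest, "big")


def csprng_key() -> int:
    """Key drawn uniformly from [1, N-1] using the OS CSPRNG."""
    return secrets.randbelow(N - 1) + 1


def reachable_keys(seed_bits: int) -> set:
    """Every key the weak generator can ever output, one per possible seed."""
    return {weak_generator_key(s) for s in range(2 ** seed_bits)}


def effective_bits(key_count: int) -> float:
    """Size of a key space expressed in bits."""
    return math.log2(key_count)


if __name__ == "__main__":
    keys = reachable_keys(SEED_BITS)
    sample = weak_generator_key(12345)
    # The key looks full-length when written down...
    print(f"weak key ({sample.bit_length()} bits long): {sample:064x}")
    # ...but the set it was drawn from is bounded by the seed, not the key length.
    print(f"reachable keys: {len(keys)} "
          f"(~{effective_bits(len(keys)):.0f} bits of key space)")
    print(f"CSPRNG key space: ~{effective_bits(N - 1):.0f} bits")
```

Nothing about the generated key itself reveals the difference, which is why the generator has to be trusted or audited rather than its output inspected.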