I agree with<a class="mention" href="/@unwriter">@unwriter</a>. If your wallet is compromised, only the competence of the malware author limits the effect to not also diverting the sweep. So you'd want a second external wallet even on a different device or computer. This is why hardware wallets showing the addresses externally becomes valuable, even if it is not user friendly for normal people with addresses being tedious to compare.
Now extend this with dynamic derivation paths and approaches, where valuable keys may not be guessable through linear derivation. That external app needs to keep synchronized in some way that the compromised wallet can't interfere with.
I agree with<a class="mention" href="/@unwriter">@unwriter</a>. If your wallet is compromised, only the competence of the malware author limits the effect to not also diverting the sweep. So you'd want a second external wallet even on a different device or computer. This is why hardware wallets showing the addresses externally becomes valuable, even if it is not user friendly for normal people with addresses being tedious to compare.
Now extend this with dynamic derivation paths and approaches, where valuable keys may not be guessable through linear derivation. That external app needs to keep synchronized in some way that the compromised wallet can't interfere with.