Hi, What's the difference between Type 1 and Type 2 deterministic addresses? According to my research Type 1 will reveal the private keys, since that's what you generate first.
With Type 1 deterministic addresses if you managed to crack a private key it won't help you to crack another (you need the seed for that) but with Type 2 if you crack *any* private key then it has been proven that you can crack any other (key hardening can be used in Type 2 to make that much more difficult of course).
Having watch only wallets is not necessarily a reason to want to use Type 2 wallets (you are perhaps trading convenience for security).
It would be simple enough to generate 10K Type 1 deterministic addresses (that are based upon compressed keys) offline with a file that could hold just the public keys of these to be transferred via QR code (might take about 50-100 QR codes) which would be safer than any other method.
If you are keen on doing this then perhaps let's see if we can work out something (it is something I could add to the CIYAM Safe
https://susestudio.com/a/kp8B3G/ciyam-safe).