And what about the person who put the private key onto the hologram in the first place? Couldn't they have kept the private key somewhere?
To answer your question...yes there have been breaches from certain coin makers! But those are very rare. So its all a matter of trust and reputation. Top of my list would be Casascius, Lealana, Denarium,Titan , BTCC to name a few. So it is simply a matter of trust indeed.
Coinographic and Alitn were two of the makers that had their btc sweeped.