But the raw transaction should be made on the offline PC, otherwise this raw transaction data could be compromised if it's made on an online PC...
The transaction is built on the online wallet (or at least on a wallet that has access to enough of the blockchain). Then it is brought to the offline wallet for signing. Before signing, the offline wallet can display the transaction to the user. It will be able to see all the outputs in the transaction, and so will be able to tell the user exactly how much BTC is being sent to each address. The one thing the offline wallet
might not reliably have access to is the value of the inputs (the online wallet that built the transaction theoretically could lie about the value of those inputs). In that case, you could theoretically pay a larger (or smaller) transaction fee than intended. This isn't likely to happen, and with coin control you could manually verify the values of the inputs if you wanted to.
Anyone knows how to properly set up a watch-only wallet to keep track of your offline wallet's balance?
That depends on which software you want to do it with. If you are using Armory, or Electrum, then the online portion of the wallet should handle that for you.
What software do you recommend as a watch-only wallet?
That depends on your use case. If you want a lightweight wallet and don't mind giving up a small amount of privacy, then Electrum is a good choice. If you prefer a full node, then I believe it is possible to import addresses for watch-only into Bitcoin Core. If you prefer something more mobile and don't mind the occasional issue with reliability then blockchain.info is a good choice.
Can I set up the node itself (Bitcoin Core's wallet) to be watch-only with the public addresses of my offline wallet?
I haven't done it myself, but I believe it is possible.