I wanted to find out exactly what are the risks of using a desktop Electrum wallet. Can someone elaborate?
1. A malicious software can "send home" your Electrum wallet and the associated password, allowing somebody else spend your funds.
2. A malicious Electrum clone can "send home" your wallet and the associated password or even directly the seed.
3. A malicious Electrum clone can directly make a transaction sending your coins away (it has your keys, remember?)
4. A clipboard malware can change the address you send to and trick you into sending funds to different address than you intended to (and also HW doesn't fix this!)
If I were to use my desktop Electrum wallet over VPN, and be ultra careful about phishing scams and be careful not to download any upgrades from sources other than Electrum.org, does this eliminate 99.9% of risk of using Electrum?
As said, VPN doesn't make your computer more secure.
Verifying your Electrum download may help much more than just being careful.
I also think that using a Linux, together with the other safety measures, could, for now be pretty much OK. Still, for very big funds I will not use hot wallet, no matter what.