For your own coins... Never use something else than a desktop wallet with the private keys in your own hand.
Better would be a complete offline storaged paperwallet and only a small amount for daily use in the deaktop wallet.
That would mean maximum safety. (Don't forget things like very strong passwords etc...).
MEW (myetherwallet) can be downloaded and run completely locally. It's just as safe especially if used this way. Several of you should stop spreading FUD when you haven't done the work to understand these technologies first.
IMO there is no perfect or better way - it is always a trade-off.
Generating your private key online is not wise. myetherwallet is a complete client side key generator (you can test it with dev tools-->network and make sure that not a single bit is sent from the browser during the key generation). You can indeed download the source code from the official website and do that completely offline like suggested earlier.
Desktop wallets - the problem, or the vulnerability, is when you generate the wallet and password or when signing a transaction online - if your PC is compromised (most times you won't be aware it is) you may lose your wallet balance.
Another risk with desktop wallets is forgetting your password or losing the keystore file. Yes, backups can and should be made, but each backup increases the chance that it will be stolen (again - trade-off).
In any case, DO NOT store your backup file anywhere online - you may be a subject to brute force without even knowing that. In that case it is only a matter of time until your password will be cracked.
Personally my problem with desktop wallets is that there is no 2FA.
You can generate your "wallet" offline on clean PC and sign the spend transactions offline - this should be as secured as you can get in case you remember your password and your keystore file was not stolen.
Offline/paper storage - the most secure way to store your tokens. The downsides are physical damage or lost (especially if it is planned for long store) and theft. Usually used for long-term storage.
Last and not least: Keep your tokens on Iconomi platform. The advantage is that you are getting good security (offline multi-sig cold storage) with relatively easy but still secured way to spend the funds (login credentials, 2FA and email verification).
The trade-off - technically speaking, you don't have control over your own funds. This is where TRUST plays major role. So far (looking back ~4 years), Iconomi team had given us zero reasons not to trust them.
Personal advice for all people out there that don't feel comfortable with wallets, offline generators, keystores, etc - make a strong, long (minimum 16 unique characters, no words or qwerty-based phrase), and unique password for Iconomi platform login and keep your precious tokens on Iconomi platform. If you chose that option, make sure that your email and Iconomi passwords have nothing in common and are not used anywhere else.
Remember: If you screw something with your own wallet - you may lose your tokens forever! Add that to the trade-off calculation before deciding.
Some of the things were written here before, it is not all out of my head, but more like a summary.
Hope it helps