This vulnerability still can be exploited. It just can't get remote exploited via the internet.
Someone knocking you out (or walking to your pc, plugging an usb stick in and out) and using this vulnerability is (theoretically) still an option.
if someone has physical access to your computer, there are easier ways of stealing your stuff than using these exploits. and as i said above wallets like Electrum don't just leave your secrets in the cash. it is flushed each time you finish up using them like after you signed your transaction. and will require to be loaded again in your memory which then requires password.
The meltdown vulnerability can only be exploited on Intel cpu's (those manufactured since 1995 (excluding Itanium and Atom chips made before 2013).
it can also be used on other CPUs (AMD) with a little modification.
My question is, can some secret data hide in the QR code or signed transaction file when its broadcasted on the online computer? Since this is the only way the offline computer can send any data since its never online.
if the program that you use to generate the QR is corrupted it can inject anything in it.
but transactions are big enough for QR as it is, adding anything else to it would make it even bigger and it is easy to catch it. you can use your device to read the QR before letting it touch your cold storage.
download Barcode scanner on your phone and read them.