I'd hate to live in a world where a hardware wallet could be hacked remotely, as in if it's sitting in my safe not connected to any device.
There is (currently) no conceivable way that could happen without someone being able to open your safe and physically get their hands on your device. But having said that...:
The only system which is truly secure is one which is switched off and unplugged locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn't stake my life on it.
My pea-brain understanding of hardware wallets is that the device itself is needed to sign transactions and that's it. All the coins are stored within the seed phrase--but of course if someone gets their hands on that, they'd have the ability to do anything they wanted with them.
I wouldn't say the coins are stored within the seed phrase. Coins are stored on the blockchain.* The hardware wallet simply stores your private keys, which give you permission to make transactions with the associated coins. The seed phrase is a more human-readable encoding of your seed number, which is a 256 bit number (256 zeros and ones). All your private keys can be derived from your seed number, which is why it acts as back up access to all of your coins.
*Actually, the blockchain stores transaction data. "Coins" are an abstract concept and not actual "things" which need to be stored, but this doesn't change how we think about how hardware wallets work.