If you scan, copy or print the private key directly, there are many malware that could recognize it.
Security-wise there is no difference between copying a private key and having the mnemonic code displayed / generated somewhere on the computer.
Theoretically that's true, because there is a lot of 'dumb malware' which doesn't even compromise the system properly, but instead just acts like a clipping board malware for example.
But if you look at the security itself, this wouldn't change much.
And electrum also allows to copy single private keys.
This is why the traditional paper wallets are so discouraged, and people are urged to use the seed words instead (which dumb malware might not distinguish from, say, what you are typing here).
They aren't discouraged.
Paper wallets are secure if generated properly. Regardless of how you generate the private key (either randomly or by deriving it from a seed).
Next step is, of course doing the whole wallet creation in a separate offline computer that is live booted for this task (and such computer doesn't even need a hard drive).
There is no sense in generating the desktop wallet offline if you are going to use it on an online computer.
This makes sense when creating a paper wallet, but has no advantage when installing / initializing a desktop wallet.
Electrum is a light wallet, indeed that model is more insecure since you are trusting a third party server, rather than the blockchain directly.
Just because it is a lightweight wallet, this does not mean that the security affected in any way.
You could theoretically receive wrong information regarding transactions. But the security of your funds is not affected.