IDK if other wallets have this but trust wallet now has the option to back up our seed phrases in a cloud storage.
Specifically, it is Google Drive. I don't know what kind of deal they have with Google that they confidently add it as a backup option, but safe to say nobody should ever use it. zetfex, you should check if you've activated this option in one of your wallets, if that is true you should check if your Google account has been breached or not. Worst case scenario they have more than just your seeds/private key.
Copy and paste? I heard copying a private key using our devices (lappy, pc, mobile) is risky. The best method was still to write down our seed phrases manually in a paper, notebook or something that is more sturdy than these two.
In general yes it is risky, especially if you use a connected device since some keylogger might be lurking somewhere. If you use an air-gapped device that has never been connected to the internet you can use it to copy-paste stuff though. That being said, I don't think you should copy-paste your seeds from one device to another, especially if the latter is connected to the internet. CMIIW.
Mistakes that newbies make is using their main wallet to connect to any websites for airdrops that will pay them in pennies, and some websites have malicious activities on them, scammers are waiting for airdroppers to come look ing for free coins and tokens, have a separate wallet for airdrops and it send coins and only send coins and tokens you plan to hold for long term into your main wallet.
This is debatable since some airdrops require some tasks such as making transactions worth more than $1000 for the last three months or something similar. Maintaining different wallets just for that purpose can be quite costly. Not to mention it add another layer of risk since you have to keep track of different wallets. As an alternative, you can ignore any airdrops links not shared by the official account of a project you're following, and regularly revoke contracts to make sure your wallet is not connected to any malicious websites/contracts.