There's also Bitfi, which doesn't store your keys, but instead generates them every time from your passphrase. The problem with Bitfi is that it has a screen that can be hacked, so you don't know if what the device is telling you is the correct address actually is generated from the device or maliciously swapped with a hackers substituted address. If Trezor or Ledger could follow Bitfi's seed generating practices, but keep their separate screen, that would be the best of both worlds.