
Bitcoin arguably cannot become mainstream without secure hosted wallets. Most people won't use Bitcoins until wallets start looking like debit cards, with authenticated access, insurance, and so on. Even so, prudent investors will keep large balances in offline wallets, securely encrypted and backed up.

In my experience, it's simplest to use multiple offline wallets, each in its own VM. To start using a wallet, one merely copies its VM to an online host, and appropriately configures network access for the VM.



Not sure I'd call that "simple". A hardware wallet like Trezor seems like a much better solution.


That's too proprietary for me. Too much could go wrong.

If someone has enough Bitcoins to bother with offline wallets, knowing how to use VMs isn't too much to expect.


Trezor uses BIP-32 hierarchical deterministic wallets, BIP-39 mnemonic seeds, an open communication protocol, and entirely open source software and hardware (firmware and schematics, no PCB). If you have concerns about the RNG you can import BIP-32/39 wallets from elsewhere. It also now supports multisig.

I'm not really sure what storing entire VMs as "wallets" gets you. VMs don't protect the guest VM from a compromised host OS, so at best you're protecting the host (and therefore other guests) from a compromised wallet VM. But then why not spin up a fresh VM and type in the wallet's mnemonic seed? I suppose you could argue it protects against unsophisticated attacks like malware on the host OS looking for "wallet.dat", but that's about it.

With hardware wallets, assuming the firmware is bug-free (which is difficult, but easier on a simple embedded device than a PC running millions of lines of code), you could plug it into the most malware-infested machine imaginable and still securely send your bitcoins to the intended address (excluding DoS attacks, and assuming you verify the address out of band).

There are a couple ways to use a hardware wallet to manage funds. You could use a single wallet with a single seed and multiple addresses, but if the host AND device are compromised you'd lose all the funds, so ideally you'd split offline funds across a bunch of seeds that are either stored in individual Trezors, or on paper to be entered into a Trezor when they need to be transferred.

Multisig adds another strong layer of protection, and would be wise especially in organizations where you don't want to trust funds to individuals.
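
As an added illustration (not code from this thread or from the Trezor project), the sketch below shows why a BIP-39 mnemonic typed into a fresh VM or device is the whole wallet: the seed and the BIP-32 master key are derived from it deterministically, and a different passphrase yields an unrelated wallet. The function names are hypothetical, and the mnemonic is the public BIP-39 test-vector phrase, not a wallet from the discussion.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order: BIP-32 rejects a master key of 0 or >= N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Public BIP-39 test-vector mnemonic (all-zero entropy). Never fund it.
MNEMONIC = "abandon " * 11 + "about"

def bip39_seed(mnemonic, passphrase=""):
    """BIP-39: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase."""
    # Collapsing whitespace is a convenience for typed input, not part of BIP-39.
    words = " ".join(unicodedata.normalize("NFKD", mnemonic).split())
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, 64)

def bip32_master(seed):
    """BIP-32: HMAC-SHA512 keyed with "Bitcoin seed" -> (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    if not 0 < int.from_bytes(key, "big") < N:
        raise ValueError("seed yields an invalid master key")
    return key, chain_code

def base58check(payload):
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def master_xprv(seed):
    """Serialize the master key as a mainnet xprv (depth 0, no parent)."""
    key, chain_code = bip32_master(seed)
    # version | depth | parent fingerprint | child number | chain code | 0x00 + key
    raw = bytes.fromhex("0488ADE4") + bytes(9) + chain_code + b"\x00" + key
    return base58check(raw)

if __name__ == "__main__":
    for passphrase in ("", "TREZOR"):  # each passphrase is a separate wallet
        seed = bip39_seed(MNEMONIC, passphrase)
        print(repr(passphrase), seed.hex()[:16], master_xprv(seed)[:20])
```

Anything that sees the mnemonic and passphrase, including a compromised host the words are typed on, can reproduce the same keys.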


I'm committed to freedom and requisite privacy. Bitcoins interest me primarily because they can (with some effort) be used anonymously. I advocate the compartmentalization of activity among multiple online identities. Each identity has dedicated VMs, and each VM reaches the Internet through some nested chain of VPNs, JonDonym and Tor. Consequently, Bitcoins end up in multiple VMs. Some VMs are associated with particular identities. Others are as anonymous as fresh Whonix instances can make them. I could transfer wallet credentials between VMs, but that would take about as much time as moving VMs around.

Anyway, that's what using VMs as wallet holders gets me.

My host machines all run Linux with dm-crypt/LUKS, and I have good physical security. If I were on the road, I'd buy a notebook for cash from some random shop, and boot Tails.

If I had to, I could operate without local storage, using information that I had encrypted and archived online. But a Trezor, even fresh and charged with recovered wallet credentials, could be found and taken.



