I don't own a CC so I wasn't sure if it was a pin or just an implementation of BIP-39.
It sounds to me like the ColdCard maybe makes it harder to do some dumb things. Personally I don't like the idea of the device itself storing the seed (between boots) because then it's just the pin someone has to know. This stuff is hard and there are so many different considerations.
I think using the different devices might make one consider their strengths with different weights of importance. It is a very valid consideration to have to have the seed phrase and device together in order to spend funds. But if someone has your seed phrase, it's game over. They don't need the SS at all. The device isn't the issue unless it is running.
Based on what I've read and what others have said, CC manages the risk of someone stealing the device well though, so that may be a better security model. I'm still thinking about it. I've used Ledger devices (don't trust their software now) and they seem to use a similar model. The seed is stored in the device. I don't like having to trust the device's security. It's very nuanced.
For sure. That's why any discussion about this topic is either a) super nuanced, b) idiotic, or c) in bad faith. I'm glad this one is in category a :)