Good point, thought about that too. Same goes with your password manager if it gets hacked, it states where the passwords are for! Or if you print the info form the permissions page, it also states that its from steemit website. So the only way is to print a blank 3D steem wallet holder and manually copy paste / write down your keys so there is no referral to the use of the codes.