I think that this is the best solution. However, I would say that the best feasible solution for active participants who care about the size their accounts have on the community would be to put it all in SP. That way, even though you would not be entirely safe, a phish attacker would still need to power down for a week and that would give you more than enough time to log into your account, cancel the power down and change your password.
Another way to increase the safety of your account that many people don't do is to only use your posting key on other sites. That way, if something gets stolen, it's just a password allowing them to vote and comment. I think that Steemconnect should start enforcing and recommending this so that people don't go around putting their Master Password in unnecessary places, since this creates very big security risks.
RE: STEEM Cold Wallet - How to protect your funds from anything