Definitely, requiring the entire smartphone to be "trusted" is way too much.
Small external signers with a display and confirmation button are a nice compromise (and also largely solve MITM!), since I don't mind an external device being under somebody else's administrative control as long as I can run what I want on my smartphone or computer.
But people don't want to carry two things... Hopefully we can at least have both as alternatives going forward.
>But people don't want to carry two things...
It can be moved into a security processor within the smartphone's SoC.