Metamask possible vulnerabilities

I use Metamask browser extension for maintaining my Ether, but came to think of this, that a browser plugin is vulnerable because it is updated automatically, and even if the current developers of Metamask are completely honest, they might get hacked, and someone might upload a malicious version to the extensions central (Chrome extensions, Firefox add-ons, etc.). Any thoughts about this?

Related question: Ideally I would like to store my seed phrase on a physical paper and just type it in to some open source tool that I trust whenever I want to make a transaction, instead of using a browser plugin. Can this be achieved?