Understanding wallet security with seed phrases/secret keys

Hey everyone, apologies if this has been asked before but I've searched around and couldn't find anything on the topic.

​

Basically, I'm trying to understand the specific details of how your wallet is kept secure via seed phrases. Once input into a software or hardware wallet, from what I understand, a secret key is generated which is then used to sign off on transactions, correct?

So in the case of a software wallet:

1. Is this secret key located on your harddrive?
2. If so, can this secret key be copied by a computer virus and thus, your wallet can be stolen even without your seed phrases?

In the case of a hardware wallet:

1. Every time you transact, you'd still have to export your secret key from your hardware wallet to your computer. Does this mean if your computer is infected with a virus, that secret key can be intercepted and then used to sign other transactions?