This makes no sense, mytrezor adds the fees afterward not from the current amount.

against hackers
is it safe like a paper wallet?

Then just keep a little extra, like .01 or even .001 more. I don't get the reason to keep just enough. That is like having a wallet and keeping $29.99 in your wallet for dinner and when you can't pay the tax saying well I only use exact amounts. Kinda counter-productive.

I still not following this, because cold storage is not suppose to be moved frequently were I see fees being annoying. If you move it more than once then maybe cold storage isn't the best solution for that use case.

I think you are confusing offline wallets and cold storage wallets. Offline wallets let you sign transactions offline blocking computer viruses from easily recovering the private keys. This would be great if you want a wallet that you can use a lot but some good protection from viruses/hackers. This is what trezor is and does fairly well without another computer. Cold storage wallets have many factors that need to come together to spend the funds, making it difficult for someone to get them physically. Offline wallets don't protect against that theft well. Cold storage wallets would be multi-sig addresses, key splitting, 2-3 factor auth. Basically not trezor the pin offers ok protect against this but for enough funds the robber would also try to locate the written down seed as well as trezor, so funds can't be moved before they get to it.

There are some possible attacks using combinations of malware in the host computer, "human engineering", hidden cameras, theft, replacement of the device, infiltration of Satoshilabs, etc..  Appears to be safe if the latter two are considered unlikely and the device is used strictly according to the instructions.

Besides the usefulness of handling round numbers, "keeping a little extra" also ties past and future transactions together. Say you keep a little extra in the middle wallet. Each time you attach a bit of that extra as the fee, it links the prinicipal address with the "little extra" address. You could move the "little extra" every time, too, but that's an extra step. You can't always predict ahead of time how many hops you're going to need to make with the funds. Also, for tax purposes, keeping track of the "little extra", which might have started as "a larger extra" is tedious.

Anyone know of a timeline for a public release of Electrum 2.0?   I want to try it with trezor, but am not tech savvy enough to be messing around with betas...

REALLY?
ho god , i boght trezor to fel safe, not to feel into troubles
holy fk
so i can loose my btc if someone hack the trezor labs?

If someone gets a malicious version of the firmware, signed with the authentication keys held by Satoshilabs managers, it may then convince users to download and install that "firmware update" in their Trezor.  That malicious firmware then could steal the coins, in many ways. As long as Satoshilabs takes good care of those keys, that risk does not exist.

A thief may substitute a malicious fake Trezor for the real one, when the user buys it.  A fake Trezor too could steal the keys in many ways.  As long as Satoshilabs keeps close watch on their shipping dept, and users only buy Trezors directly from them, that risk should be small.

The thief could also convince a user to download and install a non-authenticated version of the firmware.  That would cause the Trezor to wipe its memory clean and display a warning on its window.  The thief then would have to convince the user to ignore that warning, and re-enter the 24 magic words, from which the private blockchain keys are derived.   Users should be wary of re-entering the magic words after such a warning.

(Many years ago some pranksters would dial a random fixed phone number, pretended to be the phone company, and asked the person to drop the set into a bucket of water, "for a test".  Many users did.)

You should report the issue in github.