I did not think this through. The phone could get hacked and malformatted transaction could theoretically infect the device and make it produce transactions for the attacker but the return path should filter them out before they are broadcasted. 3 device chain has quite robust security.