Yes, you must some single point at some time. A few highly specialized and fully trusted providers might not be a horrible idea. However, the wider you cast your net for providers the more likely it is that they will not all be trustworthy or that that one will itself be insecure.

One of the tenets of a really paranoid security policy is that those single points you must trust should be as directly under your control as is feasible. A key and pass phrase wallet at the client end fulfills that requirement nicely.