Just plug it into a freshly set up offline computer, a Raspberry Pi for instance. All the wallet files on the stick can be encrypted too.
Freshly set up offline computers that you trust do not grow on trees. Using an offline computer for payments...even using cryptosteel is probably easier than all this.
Encrypting wallet files does not really solve the fundamental problem. You have to decrypt at some point with keys. The security of this process is what the HD wallet is for.
Then I would consider the computer to be part of the system to replace an HD wallet. And it would have a far bigger attack surface than the HD wallet has. Probably also less convenient.