Is XUMM more secure, equally secure, ... than eg. a Ledger Nano (hardware wallet)?
When building XUMM we took all precautions we could think of, and added a lot of code to make XUMM really secure. To the point we felt confident enough to offer XUMM to users to hold the keys to their XRP account(s). However, XUMM is only as secure as:
You, keeping your account secret (family seed / mnemonic / Secret Numbers) safe
While we store your secret information in an encrypted "keychain" on your smartphone. Even if your smartphone is compromised it is still really hard to obtain your secrets. There may be attack vectors however. This means that you should make sure your device (smartphone) is up to date with OS security updates and patches.
We dare to say XUMM is either equally secure or more secure than other XRP wallets due to the security measures we added to XUMM.
While hardware wallets are vulnerable to several attack vectors, eg. updating it with compromised firmware, obtaining it from a tainted source (logistic attack) or a physical hack, a hardware wallet is more secure than XUMM. This doesn't make XUMM insecure, but this does mean that, if you already own a hardware wallet, you should consider using another account for your daily XRP spending/playing, leaving your XRP savings on your hardware wallet.
You could consider adding your hardware wallet account (r...) as a Read Only account to XUMM, so you can check the balance and transaction history, then to send some XRP for daily spending / playing to a new, low(er) balance XUMM account. PLEASE NOTE that Read Only accounts in XUMM (accounts imported by r...-address, without importing a secret key / mnemonic / Secret Numbers) can NOT be used to SIGN transactions.