I think there needs to be a way to transfer data between PCs and other devices that is similar to handing over a piece(s) of paper. A simple FTP/HTTP downloader written in a safe language is pretty close - especially when done inside a VM using a usermode network stack, ensuring that none of the data that is received from the network has any chance of interacting directly with the network drivers or firewalls as everything the attacker could control is encapsulated until it's in user mode inside a limited account running in a VM.
However I doubt everyone can be bothered to set all that up for every exchange they make if dealing with many parties on different platforms. That's where the industry must come up with new solutions that are specified with this "paper-equivalent data-exchange" in mind.
The question isn't about whether you can trust the source of the data, because obviously you can't trust that the source of the stick or data could know whether their system was compromised and then, unknown to them, compromised the data/medium they're handing in such a way that it would interact with the driver stacks to silently create persistence.
Of course you can't trust any network transfer where keys were handed over the same network. Articles on cryptography/TLS and key exchanges suggest that you can trust such a thing but a good rule is: If you don't understand it, then can you really trust it? If an attacker can actively modify everything related to that TLS session in-flight, and the experts admit some sort of "quantum computing device" could be used to crack it, then how am I supposed to know whether someone already has that quantum device or not? So common sense says: TLS is insecure if keys aren't exchanged preferably split over multiple alternate bands/networks, such that only by compromising all the key & data exchange channels/methods, could the communication be decrypted.
Now of course that means nothing if either end is compromised.
Almost any driver update could create persisting changes in any device that can't be rolled back by going back to the old driver. The whole system relies on some certificates to validate the integrity but if an attacker has already gained local user access, gaining system level access is only a matter of time - and at that point the certificates don't matter - you can consider the system firmware compromised and throw the PC into the bin.
The only method that could help in this setting is a completely separate system at hardware level that monitors all the various reprogrammable devices for changes in one-way/passive manner.
But the more complicated all this is, the more work it is to validate that none of the parts are compromised at the factory.
This leaves two choices: Either assume everything is compromised at the factory and never plug it into a network, or for mission critical needs, use a retro pc made with parts and operating systems that never were intended to be in a network.
TL;DR: Commodore 64 with a modem added could be the most secure home computer ever* for encrypted IRC/instant messaging? (*out of those I happen to own)
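
The idea above of splitting a key over several channels so that only compromising all of them reveals it can be shown with an n-of-n XOR split. This is an added example, not part of the original post; the function names and the three-channel setup are assumptions made for illustration.

```python
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, channels: int) -> list:
    """n-of-n split: channels-1 random pads plus one share that XORs back to key."""
    if channels < 2:
        raise ValueError("need at least two channels")
    pads = [secrets.token_bytes(len(key)) for _ in range(channels - 1)]
    last = reduce(xor_bytes, pads, key)  # key ^ pad1 ^ pad2 ^ ...
    return pads + [last]


def combine(shares: list) -> bytes:
    """Recover the key; every share is required."""
    return reduce(xor_bytes, shares)


def missing_share_for(guess: bytes, captured: list) -> bytes:
    """Share that would make `guess` the key, given the captured shares.
    One exists for every guess, so n-1 shares rule out no candidate key."""
    return reduce(xor_bytes, captured, guess)


if __name__ == "__main__":
    key = secrets.token_bytes(32)      # constructed sample key
    shares = split_key(key, 3)         # one share per channel (hypothetical: 3)
    print("all channels combined match:", combine(shares) == key)

    # An observer holding two of three shares can "explain" any key at all.
    captured = shares[:2]
    wrong = secrets.token_bytes(32)
    fake = missing_share_for(wrong, captured)
    print("wrong key is equally consistent:", combine(captured + [fake]) == wrong)
```

The split covers confidentiality only: a share altered in transit on any one channel silently changes the reconstructed key, so the result still has to be confirmed by some other means.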