Can your keys be compromised on a phishing site if you use a hardware wallet?
"If you are using a Ledger or TREZOR & use a phishing site by accident, can your keys be compromised?"
Your key NEVER leaves your Ledger or TREZOR hardware wallet, so even if you were to use a phishing site, your accounts that are on your Ledger would not be compromised.
However, a malicious site could hypothetically get you to send to an incorrect address. Always check the address you are sending to on your device before confirming. However, be aware, when sending tokens, the "to address" will be the token contract address, not the address you are sending to. You can verify that it is the correct token address via Ethplorer.io
This ONLY applies when you are connected to the Ledger or TREZOR though. If you ever enter your word-phrase, private key, or keystore file, you are not protected.
For more information about using Hardware Wallets with MyEtherWallet, please go here.