I reason (as is standard) that the only real way that my machine would be compromised is if someone has physical access; and if that’s the case there’s absolutely nothing you can do about it.
This is incorrect. The main ways computers get compromised are as part of broadly-targeted attacks using open ports, trojanized downloads, and vulnerabilities in the web browser, email client and other network-facing software. For physical-access attacks, the main one is that the computer gets physically stolen, powered off in the process, and never returned, in which case having encrypted the hard disk matters a lot.
This is incorrect. The main ways computers get compromised are as part of broadly-targeted attacks using open ports, trojanized downloads, and vulnerabilities in the web browser, email client and other network-facing software. For physical-access attacks, the main one is that the computer gets physically stolen, powered off in the process, and never returned, in which case having encrypted the hard disk matters a lot.