Yes : if thieves can’t unlock the phone, they have no choice except rebooting (TWRP for example).
Then, they can’t get access to your data.
This is fortunate, because they can include some poor obfuscated passwords (like your email’s).
BUT : you should keep USB debug deactivated (easy backdoor), and keep USB doing nothing when plugged.
There is very little downside to keeping your phone not encrypted.
AOSP mandates encryption by default for a good reason.
I strongly recommend encrypting your phone.
If not encrypted it is absolutely trivial for anyone to access all of your files.
It takes less than 30 seconds to remove the PIN/password from a phone with no encryption.
Even with encryption with an unlocked bootloader it is possible for a more skilled attacker to replace your system image with one that will record or send off your data.
As any system image can be flashed.
This is why verifying recovery + locked bootloader + verified boot + encryption is so absolutely critical.
Without all four anyone with access to your phone can get all your data in minutes.
Keeping ADB enabled has little value for recovery purposes as in a -user system it only works when the device is unlocked, USB file transfer is enabled and the user has confirmed the host keys. And even then in -user you wouldn’t have root for anything.
ADB has no say in whether or not to encrypt or can aid in anyway.
That’s not that simple
As far as I could understand, your pin code (let’s say “password”) is used to validate against a keystore entry, which contains the key to decrypt the ext filesystem.
For the reference, here is a part of TWRP decrypt code : android_bootable_recovery/Decrypt.cpp at android-10.0 · TeamWin/android_bootable_recovery · GitHub. You can see it’s far from simple.
Ok, some well-known secret services could achieve with the decryption. But if this is your concern you should not use an AOSP-based device
One more thing : deleting the locksettings.db file on an encrypted device will not allow access to the data, it will simply prohibit any future access to them (it happened to me …).
About Konrad statement : I agree with that, but I think it’s not relevant to the encryption subject.
Encrypting your phone is a comprehensive security measure for data storage, not related to programs interoperability.
In other words : yes the programs can exchange data (copy/paste is the simplest form), but not directly read other’s storage.
Encryption is made to protect the whole data storage from “external” (read : offline) raw reading.
I used to know some very interesting people in my home country. They would never give up and found ingenious ways to hack domestic electrical equipment, to get it to do what they wanted, removing and reading chips, writing their own software etc.
Didn’t matter what the hardware manufacturer or service provider did, they found a way round it!