Doesn’t having the bootloader unlocked make it easy for anyone to steal the data on the phone if they got ahold of it, making the passcode to unlock the screen completely irrelevant?
From my understanding that’s why it is recommended to enable encryption, use a pin or passcode for entering the phone and to not keep too sensitive data on the phone.
One should be fairly safe then.
You still benefit from a degoogled android and specific functions of eOS.
But of course it depends on your threat model.
eOS is surely not for those who are the specific target of intelligence services or the like…