[schoen]

A couple of possible ideas:

* Heightened risk of compromise in particular physical locations?

* Use in conjunction with something like TAILS so it's harder for someone who breaks into your computer to achieve persistence?

* Decreased risk of compromises that involve multiple machines attacking each other?

* Attackers may be wary of storing huge amounts of data persistently because the associated changes in storage media could be detected by forensic spot-checks?

(The third one probably requires that the forensic examination can get access to everywhere that the data could be stashed ... like nonvolatile memory inside onboard devices, not just the hard drive and main RAM contents.)