[nuvious]

For sure; there's risk/benefit to this kind of mitigation. One thing to note is all the actions occur before the user drops into a shell (or for desktop login the desktop rendering). If one is simply getting rid of LUKS containers or deleting VPN credentials it wouldn't take very long at all.

One could even write in a routine that removes the duress module entirely so it's a one-shot duress password that cleans up sensitive data, notifies anyone who needs it and then immediately removes all evidence that pam-duress was employed.

But you are right this is a tool with risks/benefits and the risks changed based on what's being protected and the context of the coercion.