[captainmuon]

You could have a VM where you do your secret stuff, and then shut it down when you are done and nobody can access it without the key.

It doesn't help against sophisticated keyloggers on the host (although I'd assume you would have a little bit of protection if you don't normally work as admin). It is more for the case that your PC gets stolen, or confiscated by authorities.

I think my PCs which shipped with full disc encryption are secure (Windows, macOS), but I never looked into it in detail. And I don't know for sure who could access it besides me (my job, Microsoft/Apple, law enforcement). My old shared desktop PC is definitely not encrypted. I only really have confidence in the Linux laptop I set up.

So for me it would be a privacy and comfort win to just have a small VM for sensitive stuff which is easy to encrypt.