Zombie thread...
That aside, heck ya! Agreeing with @maflynn.
ANYTHING that I deem sensitive (financial, medical, Keychain, etc.) is encrypted.
In the case of FileVault, I use two accounts, one for everyday, second for admin tasks. 16 characters for everyday, 19 for admin. Both semi-random with mix of upper/lower, digits, special characters. Keychain is encrypted, FileVault encrypts disk, add strong FileVault passcodes (i.e. sign-ons), gives me lots of runway to recover from any loss (i.e. several levels of encryption to crack to get to info).
External drives, random 25 character passcode on partitions I store sensitive stuff on...
And if I get electronic notices with my SSN on it (or final copies of my tax returns and support docs), I make a point to black those out via Preview and then generate a whole new PDF of that where the blackout can't be removed. Stopped printing paper copy of docs years ago for this reason: can always recover from cloud and external drive copies (see below).
Anything sensitive copied to cloud, I encrypt with a 25 character random code before uploading.
iOS, different strong passcodes vs Mac (12 chars, upper/lower, special, numbers, Touch ID to make life easier). And apps on there that might have secure info and allow passcodes, turn on that with a different code vs device.
Password manager to have copies of all these keys: would need some serious loss of devices to recover.
So, yeah, turn FileVault on. In the age of devices with SSDs, not a performance hit, and gives you a big level of security. (Aside: never thought FileVault was a big hit with spinning disk, and was worth it in the big scheme of things; HDD boot is slow no matter what).