At an abstract level, your backup is inherently slightly less secure because it's not protected by hardware encryption like the T2 chip. And the ability to boot from external devices that aren't your backup enable some potential attacks (such as booby-trapped thumbdrives), which is why they are defaulting to "off".
But in general terms, those vulnerabilities are outliers, whereas actual drive failure is not. You're far better off being able to easily recover from a failure than protecting yourself from a thumbdrive that you picked up off the floor at a tradeshow in China...because protecting yourself from the latter requires a minimum of thought, whereas the former can only be protected against through direct action: backing up.
__________________
--Dave Nanian
|