Unless you also employ very strict sandboxing, a rogue app or script could read those emails from your running system while LUKS is unlocked. There are plenty of CVEs relating to code execution; an infected JPEG, browser exploit, or any number of other things could expose your Thunderbird email database or the running memory to an attacker, particularly if you use “secure” services like Proton because you’re the kind of person who would be targeted by state actors.
If you have properly implemented LUKS I don’t see any reason that should be a concern.
Unless you also employ very strict sandboxing, a rogue app or script could read those emails from your running system while LUKS is unlocked. There are plenty of CVEs relating to code execution; an infected JPEG, browser exploit, or any number of other things could expose your Thunderbird email database or the running memory to an attacker, particularly if you use “secure” services like Proton because you’re the kind of person who would be targeted by state actors.