Too many people think full disk encryption solves everything. It doesn't.

Even possessing unencrypted VMs is a huge attack vector. Plausible deniability should be the first line of defense.

If a VM can't be run in an isolated, encrypted container, it loses 99% of its security.