Hi everyone,
Thank you for the useful advice and extra technical explanations.
Tell me about what these adversaries might do…! 
I presume that with an unlocked bootloader, under FPOS, with factory reset protection, they could flash a new recovery, reflash the phone? Obviously if they’re really sophisticated they can easily bypass factory reset protection and the data encryption, but let’s assume they’re not nation state level of cleverness, what could they do?
…okay now I’ve read Is there any benefit to disabling the option “OEM unlocking” again? - #6 by CransNeighbour. How is the last bullet possible with an unlocked bootloader? Does it allow the attacker to flash a custom boot image which then has elevated permissions to steal all my credentials and data? I.e. the attacker gets root access?
So the counter to this attack would be, every time the phone has left my hands, to reflash with a known, trusted recovery, boot and system image before unlocking it again?
Cheers 