@Hawkmoon …and even full disk encryption won't make it secure against 3 letter agencies.
So… I just don't store any sensitive data on my phone😂
And I know that if I lose it, I'd have to change passwords to all accounts I've been using on it — that's it.
As for remote exploits — no, using F-droid or AOSP-based ROM doesn't make you less secure — as code is open, it gets audited by security researchers all the time, if some serious vulnerability gets discovered, it gets fixed in opensource SW too.