It is extremely underrated. People don't know how bad it is and for how little criminals are ready to cut off a finger/kidnap you.

Even if you don't die - you don't want to suffer the experience of feeling hopeless at an armed gang set out to make you suffer.

See https://github.com/jlopp/physical-bitcoin-attacks for gruesome examples

The biggest concern is how easily trace-able it is, and will become, with AI-assisted tooling.

A sufficiently motivated criminal group can pretty easily:

Further, the KYC exchange data (e-mail, name, address, phone) can all be cross-linked with various other breaches to get an AI-assisted similarity score to try and guess which details belong to the same person. In other words - it doesn't have to be 1-to-1. Maybe you re-used the phone on another website which has your same name but different e-mail - there's reason to conclude you own that e-mail too. Maybe they verify that e-mail in 10 other websites belonging to the same name, but also a new number in some places. Maybe they verify the email and new number consistently map to a new address.

It is safe to assume that sufficiently-motivated black-hat actors contain resources consisting of all of your online activity. The criminal groups don't even need to be advanced - they can just purchase the bundle of email/address off of the black-hat actors and then they have your information.