Bismark
My take on this, little worth that it has, short version:
I knew I needed to move to Android in some form but I wanted to control and limit what Google was doing in the background on my phone's OS.
I read the GOS documentation at https://grapheneos.org/features and https://grapheneos.org/usage and https://grapheneos.org/faq and I just knew that I could trust the thoughtful person behind that documentation more than anyone else ... (or any of the 'ROMs') ... to deliver me a mobile OS that I would be using every day for email and banking.
long version, continued:
Okay, this doesn't protect me from nation state actors, but I'm fortunate that that is not in my threat model. With GOS and its transparent, well defined documentation ... I just have the great feeling that I have some understanding and control over how my phone works and what background processes are running; much better than with Pixel Android or other AOSP derivatives.
Why would a nation state waste a valuable exploit on insignificant me? Reading the docs, I trust the GOS devs to do a better job than anyone else to protect me from lesser threats. The big threat to worry about is always third party apps ... that is where GOS really shines in being able to reason about how to install third party apps for safety - secondary profiles, storage scopes, vpn, private dns etc. I suggest this is where you should focus your energies.
And don't forget that GOS is built on Android/AOSP and the security model (SElinux policy) underpinning AOSP is probably the best you will find on any readily available client computing device anywhere, ever.
Where else can one go anyway?
This is why donating to GOS is really important for those of us lucky enough to be able to afford to do so and hence helping those less fortunate as well. It is also why GOS' generous 'extended support for harm reduction' is so good because second hand Pixels can become more affordable, even in developing economies, after two or three years.