paul_le_roux Hi there.
The USB-C port control feature is still relatively new, and we decided to go with a moderately conservative default so as to provide substantial security benefits without impacting usability, including several lesser-known use cases.
The feature is so new that we haven't yet removed the "USB accessories" setting, which is basically made obsolete with the port control feature.
A few things to note:
The threat model for the feature, along with other features such as auto reboot and the like, revolves around protecting data at rest, and helping the device get to that state as quickly as possible. When in BFU state, exploitation not only becomes a lot harder, but accessing the encrypted data in any meaningful way even more so.
The reason why that is the current default is because some people use peripherals and want those working BFU. If someone's keyboard isn't working before first unlock so that they can enter their long passphrase, that might be disruptive for that use case, and they might not be aware of why that is the case. Another use case to think about is what happens if the touch screen stops working. By not being able to connect a device in BFU, you're unable to unlock the device to try and get your data off of it. I understand that this doesn't happen every day, but if we make the choice to make the default stricter, if that does happen to someone, they might be upset that we didn't account for that when deciding what the default should be.
I'm not saying that the decision is final and that we may not reconsider in the future, but the current default was not chosen arbitrarily.