Many people above (correctly) explained that having an eSIM with a PIN code can lead to real problems under GrapheneOS (i.e. complete lockout).
On the other hand it must also be emphasized that a physical SIM without a PIN code is very dangerous too. Indeed, anyone with physical access to your phone can take out the SIM card, clone it, and put the cloned card on another device to bypass all your 2FA / One-time passwords on every website or app relying on it - which represents a huge attack surface these days. Data stored in the SIM card also become at risk in case of physical access (there you might find without any encryption some contacts, phone history, some messages, data or metadata from previous phones...).
While most people would consider SIM stealing to be relevant only under an advanced threat model, it must be noted that spying between partners is actually a very common issue, and this would be by far the easiest way to implement it. As for victims of sexual violence, victims of online-spying are most often not pure strangers in the streets nor evil state actors, but people in your close relationships whom you very well know, who do have a way of physically accessing your device, and sometimes do have an interest in invading your private life.
Even when you think that your partner or family or friends would never do such a thing, realize that you probably don't know who is honest and who is a sneaky spy in your surroundings, because sneaky spies are discreet and hide their game really well by definition. Also don't underestimate your opponent's skills; most jealous lovers can be surprisingly determined to read a lot on how to clone a SIM card, and turn out to be perfectly capable of it, all the while being incapable of making a printer work without your help. I have seen it happening in my family before, and I don't think it was an isolated case.
Last but not least, the threat of a physical SIM hacking also holds if your phone is stolen, in spite of all the false sensation of security that GrapheneOS gives you in that situation. This shouldn't be neglected when owning a recent Pixel phone (= rather valuable models), especially when going to big cities or touristic areas where phone stealing can be operated by very organized gangs, and can very well work in coordination with other gangs of cybercriminals.
When you think about it, an unprotected physical SIM card can be worth much more than the value of a stolen phone if you act swiftly. Many banks still rely on SMS 2FA, and sometimes you can even manage to connect without knowing an e-mail address nor even the client number - phone number can be enough.
If you have any kind of reasonable power in your professional life (e.g. CEO of an even small-sized company) an unprotected SIM can also be used to impersonate you, and make your colleagues send payment to "clients" on your behalf.
In this context... Why would you struggle for decades, then, to try to unlock someone's GOS phone to access their Signal conversations, when all you intend to do is to just take the SIM card out, try a few combinations (1234, 0000, ...) and drain their bank account?
Given that many people have dozens of thousands of $$$ in their bank account this is much more worth trying than actually accessing the useless phone's data. If it happens, your erotic pictures will be safe on your phone - hurray! - but your bank account will be empty; and this might not fit with what you expect of a good threat model.
Meanwhile... Provided that the phone has a reasonable security against direct physical access (as is the case with Pixel phones) these risks are avoided with an eSIM - even without PIN code.
TL;DR: put a PIN on your physical SIM card and don't put a PIN on your eSIM. If you can change your physical SIM for eSIM it's probably even better.