Wolfy666 Apologies, but I was under the impression, that "GrapheneOS", was inheriently a secure OS, therefore, I find the suggestion, that on the Nothing 1(CFM), this would be "un-secure", a little hard to follow.
The security of the OS is based in part on the underlying hardware and firmware being secure, in ways listed on the project web site: https://grapheneos.org/faq#future-devices
If -- completely hypothetically -- the hardware on some phone leaked encryption keys when they were in use via radio emissions, no OS on such a device would be secure against in-person attackers. This is an extreme and hypothetical example, but side-channel leakage is a real thing.
Or if -- non hypothetically -- a vendor supports verified boot but leaks the device signing key, again no OS on the device would be secure against in-person attackers (this actually happened).
The list on the GrapheneOS web site is carefully thought out by people with substantial security experience.