Regarding security in general, it is very hard to make everything bulletproof.
It either costs too much to do or becomes too inconvenient. Either way, there is
a price to pay and those who are willing to pay it enjoy the most security. (It
is quite possible to make credit cards secure, but it costs to much to do, and
I am certain the "math" has been done by actuaries to show that the cost of
tolerating problems is lower than the cost of a bulletproof system. I could be
wrong.)
On Linux, you want "crypto" and it is mainly through LUKS and the mapper. I use
this and I am a strong advocate of it. At the very core of security lies the
user... Whatever lives outside of the LUKS "container" is not to be trusted.
I can elaborate to a state of nausea, but I will spare you. At the core of what
I do are Linux LUKS-encrypted containers. They are partitions that have been
turned into LUKS containers (not to be confused with containers that jail
processes, like lxc/docker). I keep the home directories in a LUKS partition.
I manually bring them up ('cruptsetup luksOpen /dev/sda2 CRYPTFS') and mount
them ('mount /dev/mapper/CRYPTFS /home') when the system starts up. I do a very
similar thing with backups. This method offers protection from anyone who can
have physical access to your system, say the FBI raiding and taking your
hardware with them, or a burglary.
You want to use the crypto.