Most users probably also didn't care about the first-party firewall exemptions. They could have asked people if they wanted a separate password for disk encryption (e.g. a small checkbox).
It is highly non-trivial to extract a private key from Apple encryption chips; last time I heard, the price was at least 100K USD, and probably much higher now. So unless one values one's own secrets that highly, a short password could be OK.