So there’s probably no perfect solution that optimises all aspects e.g. cost, security, convenience, environmental, …
Random idea: The Librem 5 to grow one more switch and to grow embedded hardware USB Data Blocking functionality, a switch that controls the behaviour of the USB-C port. In the “charging only” position, the USB port acts as if a USB Data Blocker is in use (power flow can be negotiated but no data transferred). In the “charging + data” position, the USB port behaves as now.
In theory a good idea, but I think in practice it would limit your charging options as afaik power negotiation is done using the data lines.
That is my understanding too. However I am talking about an embedded hardware USB Data Blocker so that should still be possible … and also taking into account that USB-C is specifically implemented on a dedicated board within the Librem 5, thus making it more practical to keep the data lines away from the host computer if the switch says to do that.