Good point. The OP did say his “son” so I guess a certain level of trust is justified but it is still a valid point (as you say, even if the person getting the copy is trusted).
Still, if booted into Jumpdrive in order to restore the image, that is an opportunity to reencrypt (change the underlying master key) and change the key-slot passphrase.
Ideally though this would occur before restoring e.g. by making a copy of the disk image on the host, doing a loop mount of the copy, reencrypting / changing passphrase on the host (which should be faster anyway), and then making the copy available to restore.
Of course all of this assumes that the OP is using LUKS (disk encryption).