You didn't address the issue of data that was stored on an SSD prior to its user's enabling FileVault or, as the case may be, upgrading to a version of macOS that supports APFS.
As I understand it, that pre-existing data remains on the SSD, in the clear, for a knowledgeable user to take advantage of.
Granted that it's apparently a task that very few users have the tools and skill-set to undertake, but the liability exists all the same, and there doesn't seem to be any way around it at the moment other than to encrypt from day one, so for those of us who haven't, the idea of passing on a (wiped-) clean Mac is apparently a thing of the past.
