Relaxing controls = bad idea
I was recently reading through some security blogs talking about the recent news on full disk encryption hacks. As I was reading, I came across the following comment on Rich Mogull's blog, securosis.com:
Just wanted to point out a bit of a paradox, “your best bet is still to maintain physical control of your laptop”. Isn’t the main purpose of full-disk encryption to prevent data disclosure when people *don’t* maintain physical control of their laptop? If people maintained physical control wouldn’t that negate the reason to have full-disk encryption in the first place? :)
When I first read the comment, I thought it was a really good point. But then I started thinking about the thought process behind the comment, and it worried me. My guess is that he didn't think it all the way through. Basically, this person is saying that if you implement FDE, then you can relax your physical security controls. But that is actually not true. FDE is implemented IN CASE physical control fails.
When you relax a security control because you have implemented another, you create an area for attackers to target that was previously guarded. Yes, if you put in a control that makes another totally irrelevant, then I understand. But how often does that actually happen? So if you stop worrying about the physical security of your laptop because your security guy put on FDE, then you are asking for someone to steal your laptop.
And remember, physical assets have value, just like intellectual property. And what about the inconvenience factor? It all adds up.



