KVM isn’t a hacking tool but a way to tel the mini the keyboard, display and mouse are attached to assist with remote access.
If someone takes the Mac w/FV on, user password won’t matter as the bad actor has a few options to access the data.
The question is what data would be exposed if the mini had a boot volume w/o FV, and a second volume w/FV on that housed easier to secure data such as documents and files.
Authenticated restart is great for times when you might be doing remote maintenance, yet fails if there is an unexpected reboot (ie. power failure.)
What information would be exposed if the boot volume didn’t have FV on (presuming a second volume had FV on for documents and files?) Network passwords for example?
That’s why I ended up getting a UPS 
It depends on what you keep on the boot volume. I don’t think your passwords would be at risk though, as they’re in your Keychain and should be encrypted there. I’m not a Keychain expert so I’m not sure how well protected things are there: some secrets stored there do have to be retrievable by the system, including the ones used to unlock any of your automatically mounting encrypted drives.
The mini needs to connect to the internet so one can remote in…so in theory those credentials might be available, no (to someone who walks off w/the mini, no FV on…could get it)
I thought the boot/system volume on an apple silicon Mac was a read only volume that could not be modified by any user or application? Only Apple had access?
After I purchased my M1 MBA I tried to clean up some of the PDF menus, like I had been doing for years, but was unable. Even when logged in as root.
I was of the impression you were talking about a KVM switch. Which also isn’t a hacking tool, of course. 
This is where I’m confused. If they physically take the Mac, and FileVault is on, how would they access the data? You can’t mount it using Target Disk Mode without the user password. And if they have that, everything else is moot.
If they physically take the the Mac, and the FileVault is on - they can’t access the data.
At the same time, the owner can not remote in after a power failure. In order to set up the ability to remote in after a power failure, the owner would need to DISABLE FileVault on the boot volume.