In response to your hard drive being taken out and used externally. If you are using secure boot and Bitlocker drive encryption (standard in all Windows 8 and 10 hardware), your drive can not be read as the date is encrypted and tied to the device hardware. Unless your storing state secrets, the amount and time, effort and cost involved to gain access to your hard drive would not be worth it. The thief would be better off going after a Windows 7 laptop or Windows 10 running on W7 hardware.
Our goal is to reduce the amount of times you need to log in to applications, hence single sign on. If you need to password protect a folder, there are many third part apps available but, additional encryption of a folder will cause the folder to synch more slowly and you will need the unencryption key to access and unlock the data.
I will pass your feedback onto the team. It's a feature we may look at for consumer (a password protected vault perhaps) but for business, there are always so many ways to additionally protect content with DRM, DLP, IRM, AIP and WIP as well as customer lockbox and hold your own encryption key, I don't feel this is a path we would pursue but I will pass it on.
Thanks for the comments,
-Stephen
