A reasonable compromise would be if the save process used a randomly generated key, and that key was available during the resume. Presumably the TPM or a similar mechanism could be used.
Reading secrets from the disk will generally leave behind no evidence. All the bad guy needs is a screwdriver. Reading them from memory is very likely to leave evidence in the form of scrambled/lost memory. In any event I'd claim the cost to the bad guys is $10 to grab data from disk (leaving no evidence it has been done) versus $1000 to grab from ram but being evident. Not the same order of magnitude as usual crypto gives ("$millions") but a noticeable difference.
Re: Threat to dm-crypt
Reading secrets from the disk will generally leave behind no evidence. All the bad guy needs is a screwdriver. Reading them from memory is very likely to leave evidence in the form of scrambled/lost memory. In any event I'd claim the cost to the bad guys is $10 to grab data from disk (leaving no evidence it has been done) versus $1000 to grab from ram but being evident. Not the same order of magnitude as usual crypto gives ("$millions") but a noticeable difference.