for me and you, that is probably enough.

but you always need to know who or what is a potential threat to you. in the end it is just about making it enough of a pain for whoever might be interested in your data, so it is not worthwhile to them. having to break out forensic tools - just to get encrypted data, is probably painful enough for most. make them play puzzles with metal and glass shards will for sure open some wounds to pour salt on.

cremating disks is a thing for hacker collectives. termite is an extremely interesting thing to observe. but i am pretty sure there are more practical reasons, why people do that.

what would be your way of disposing that sensitive data?

not arguing that there are disks beind disposed inproperly.

i used to work for a company with sensitive data. disks that did get a certificate, where wiped by our guys first. then a truck from the recycling/destruction company would arrive and disks get shredded 1 at a time. the whole setup was in a way, that you could observe the disks being torn into pieces, somewhat bigger than sawdust.

two of our IT guys, two of the guys doing the destroying and some C-Suit would have to sign for every disk they observed being torn to pieces. if you do want to make sure your data is gone, there are ways to do it. admittedly, this way is a bit of a stunt. but it was fun being paid for observing bits of metal being reduced to pieces.