
A powered-down machine with full disk encryption is reasonably safe against physical access, I still hope?



Unless a USB keylogger is present, which will log the disk encryption password when the user is unaware of it...


I've already seen lockable boxes around computer ports on some older model workstations. Combine that with some tamper proofing on the keyboard, and you've probably bought yourself a little more security against any intruder who has limited time with physical access.


Not if you can get access twice. A variety of "evil maid" style attacks exist. For example, imagine I replace your FDE's bootloader with a version that appears identical, except it also logs your passphrase. Then I come back, read the passphrase, decrypt, and win.

For scarier thoughts, imagine I know how to control the Intel Management Engine, and attack that instead. That's not covered by FDE.
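A defensive check for the bootloader-replacement scenario described in the thread above, as an added example that is not part of any comment: it records SHA-256 digests of the unencrypted boot files and reports every change against an HMAC-sealed baseline. The function names, and keeping the baseline and key on separate trusted media, are assumptions; the result is only meaningful when run from a known-good boot medium, and it does not cover firmware or the Management Engine.

```python
import hashlib
import hmac
import json
from pathlib import Path


def snapshot(boot_dir):
    """Map each file under boot_dir (relative path) to its SHA-256 digest."""
    root = Path(boot_dir)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            name = path.relative_to(root).as_posix()
            digests[name] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def seal(digests, key):
    """Serialize the baseline with an HMAC so an edited manifest is detected."""
    body = json.dumps(digests, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag})


def verify(boot_dir, sealed, key):
    """Return findings; an empty list means the boot files match the baseline."""
    doc = json.loads(sealed)
    expected = hmac.new(key, doc["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["tag"]):
        return ["baseline manifest failed HMAC check"]
    baseline = json.loads(doc["body"])
    current = snapshot(boot_dir)
    findings = []
    # Same-size, same-name replacements still change the digest.
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            findings.append(f"missing: {name}")
        elif name not in baseline:
            findings.append(f"added: {name}")
        elif baseline[name] != current[name]:
            findings.append(f"modified: {name}")
    return findings
```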



