Does a MacOS filesystem log reads (mounted read only) if not natively booted? And does Mac BIOS setting for USB boot or an encrypted filesystem/storage remain an obstacle to a viable attack vector?  

I'm not a hacker or a Mac user since long ago. I'm an defender of opsec for self and those who value it. 

 I think by default the filesystem is encrypted, so you wouldn’t be able to read if you booted from another drive. There are times where there are vulnerabilities in firmware that allow this sort of thing though.