pull down to refresh

In general full disk encryption is more secure.
However, you will wind up with a logistical issue if you ever want to reboot that machine (or it reboots due to power failure) and you are not physically present to type in password at grub stage to unencrypt.
There are solutions to that (embedding ssh server in initrd, tang servers, etc) but one of the benefits of systemd-home + luks is that you get a system that can be rebooted remotely and boots normally - only home will stay safely encrypted until you connect and login.