It's better to plan ahead, so what are you doing about it?
Personally, I wouldn't be that paranoid about it. If you have a government that can keep you in jail indefinitely just to get your Bitcoins, then you have much more to worry about. It's not exactly difficult to hide a wallet.dat either, search up steganography though it does have certain downsides to it but it should be a good enough obfuscation method.
Keeping all of your current and future addresses on there doesn't seem too sound. It is possible that if someone subtracts the necessary info key derivation could be exploited.
To be fair, even Bitcoin Core uses HD wallets as a format to store Bitcoin. I think it would be more convenient and secure this way as the necessary frequent backups meant that unsecured old backups could be lying around anywhere.
So wallet.dat is the safest, yet, the most annoying to keep safe, as you need to keep a physical medium to store it offline, and you need the synced node to transact as well.
As long as you are able to get the transaction information, you don't need to keep the client itself synchronized. There are ways to obtain the UTXO of a transaction, though it might be slightly more inconvenient.