It is quite probable. It used to be the case that /boot could not be
encrypted. It may still be true.
/dev/sda5 is encrypted: https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
With the graphical install (but maybe with the text one too), you only need
to rather quickly use the Live system after it boots and Orca is not enabled.
When you write about "the Text Mode Install", you do not mean "the
NetInstall", do you? Because the "NetInstall" obviously needs the Net.
Execute 'sudo passwd root', give root a password and take the administrative
privileges away from the first created user. You would then end up with a
security administration à la Debian.
One advantage in not having a password for "root" is that script kiddies must
not only guess the