If your primary security concern is the USB drive, and your drive encryption key is not stored on the USB (which is the usual Unraid use case), then yes, this method does mitigate that threat.
[An ever-so-slightly-simpler way, if you're already keeping a file per program/docker, is to have that file be a script, which will just output the key/passphrase to stdout (as in "echo" or "printf"). Then, you just include it as "... TOKEN=$(/path/to/script) ]