I can't even believe that someone now stores data in an unencrypted form.
The disk may be encrypted, but the server can't run if it isn't unlocked. Physical access does the rest:
the consensus seemed to be that preventing data access when someone has physical access to the server (the machine is turned on and running applications) is nearly impossible.