a thief could just transplant my Ryzen CPU (and its fTPM) into their motherboard, or they could transplant a discrete TPM into their motherboard.
The TPM should detect a change like this and prevent BitLocker from decrypting. At least that's how it's supposed to work.
IIRC the TPM compares a hash of the OS (and hardware?) config from the last shutdown with what it sees this time, and if it doesn't match, it doesn't unlock. If you transplant your hard drive and TPM to another machine with a different OS install on it and try to access the BitLocker drive from the different OS, you'll find it locked despite the TPM being present.
I can't remember if they would be able to boot your OS install on another mobo if they had both your TPM and OS install, but that doesn't get them anywhere without being able to log in to your Windows account. If they tried to boot a Windows password cracker (like Ophcrack) or offline password reset tool, the TPM would see the different OS and wouldn't unlock, so the tools wouldn't work. The PIN is a useful extra layer of security, but depending on who you're trying to protect against it might not be needed.
Also, the BIOS power-on password is a bit redundant with BitLocker. I know it's an extra layer of security, but it's not adding much beyond inconvenience given what you're trying to do.
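
A simplified model of the measured-boot check discussed above, as an added example that is not part of the original post: a toy TPM releases a sealed key only when the measurements extended during the current boot reproduce the PCR values present at sealing time. The `ToyTPM` class, the PCR indices chosen and the measurement strings are all constructed for illustration and are not BitLocker's actual validation profile.

```python
import hashlib

# Constructed sample boot measurements as (PCR index, measured data); not real event-log data.
ORIGINAL_BOOT = [(0, b"firmware: vendor-A UEFI 1.2"),
                 (4, b"bootmgr: Windows Boot Manager"),
                 (7, b"secure-boot: enabled, default keys")]
OTHER_BOARD = [(0, b"firmware: vendor-B UEFI 9.9"),      # TPM moved to a different motherboard
               (4, b"bootmgr: Windows Boot Manager"),
               (7, b"secure-boot: enabled, default keys")]
RESCUE_MEDIA = [(0, b"firmware: vendor-A UEFI 1.2"),     # same board, different boot loader
                (4, b"bootmgr: rescue-usb loader"),
                (7, b"secure-boot: enabled, default keys")]


class ToyTPM:
    """Toy model: PCRs reset at power-on and can only be extended, never set."""

    def __init__(self):
        self.sealed = None  # a real TPM returns a sealed blob; kept inside for brevity
        self.power_on()

    def power_on(self):
        self.pcrs = {i: bytes(32) for i in range(24)}

    def extend(self, index, data):
        # PCR_new = SHA256(PCR_old || SHA256(data))
        digest = hashlib.sha256(data).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()

    def _composite(self, indices):
        return hashlib.sha256(b"".join(self.pcrs[i] for i in indices)).digest()

    def seal(self, secret, indices):
        # Bind the secret to the current values of the selected PCRs.
        self.sealed = (secret, tuple(indices), self._composite(indices))

    def unseal(self):
        secret, indices, expected = self.sealed
        return secret if self._composite(indices) == expected else None


def boot(tpm, measurements):
    """Power-cycle the TPM, replay a boot chain, then try to unseal the key."""
    tpm.power_on()
    for index, data in measurements:
        tpm.extend(index, data)
    return tpm.unseal() if tpm.sealed else None
```

Because the chip travels with its sealed policy but not with the firmware that produced the measurements, moving it to another board changes the extended values and the key stays sealed.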