I would recommend putting the data on both.
If you’re worried about data theft, you’re probably just as likely to have malware steal your files as you are to have malware steal your Microsoft account password (or have someone find your password in a leak somewhere because you reused it) and take your files from OneDrive.
The main reason to store it on both is for backups. If you get ransomware, or just a hardware failure, you’ve got a copy on OneDrive as a backup. I can tell you from experience that you’re much more likely to lose your data to a disk failure than you are to malware. Backups are extremely important.
My recommendation would be to enable two-factor authentication (2FA) on your Microsoft account, in order to help protect it, and use a password manager such as KeePass so that you can have random passwords everywhere instead of reusing the same password in a bunch of places, which is a major risk.