In my view, people are too rigid with 'RAID Is Not Backup' and '3-2-1' schemes. I think these ideas are fine in an enterprise setting, but in an individual setting, people have different needs that depend on what they're guarding against. And the likelihood of what they're guarding against will vary depending on individual settings. For example:
1) For most people, the most likely risk is hardware failure. The first line of defense has to be a scheme that can survive the failure of a hard drive. In that sense, hardware RAID is ok, though something software-based (Storage Spaces, DrivePool, the various RAID-like schemes) is much better.
2) The risk of flood/fire will vary depending on whether you live in a flood-zone basement or a city high-rise. If you live in the latter, there's no point wasting sleep on guarding against an unlikely risk.
3) In 30 years of computer use, I don't think I've ever deleted something accidentally that was beyond recovery. Again, this may not apply to you if you're a command line jockey, but if you live in GUI world, this is not a risk you need to worry about.
4) It's hard to corrupt data in software. Programs can get borked, and OS installs/updates can be messed up, but data usually remains accessible unless there's a hardware failure.
5) How likely is a ransomware attack? What if you're careful about security? Is it worth it guarding against this risk?
6) You have to weigh the recovery effort/cost vs the protection effort/cost. Rather than spending time and money making sure you implement and maintain a 3-2-1 scheme, you might consider living with some small risks of data loss or time-consuming recovery.