Sure. If your FDE disk is mounted and your machine is susceptible to any kind of remote exploit (OpenSSL, Adobe flash, weak ssh password, etc) then the attacker has full reign over your disk when they arrive.

File-level encryption constrains them to just the files you have open at the time, although of course any breach might be persistent, so they could theoretically wait around until supersecret.txt gets opened and grab it then.