XPS 13 9370, boot with USB or SD card AND secure boot

Although Windows 7 can be booted in UEFI mode, it does not support Secure Boot because its bootloader was never signed -- so it definitely won't work with Secure Boot enabled.  Windows 7 also does not fully support the UEFI spec.  Even when booted in UEFI mode, it retains some Legacy BIOS dependencies, so you have to keep Legacy Option ROMs (sometimes called UEFI CSM/Compatibility Support Module) enabled in order for it to start.  Normally that option is only enabled to allow a system to support booting "true" Legacy BIOS environments as well as UEFI environments, but with Windows 7 you need it enabled even when booting it in UEFI mode.  (This incidentally is why Windows 7 doesn't work in a Hyper-V Gen 2 VM, which only supports "full UEFI" OSes and does not allow Legacy BIOS dependencies.)  And when Legacy Option ROMs is enabled, you can't enable Secure Boot.

Apart from that, there's the reality that the XPS 13 9370 is much newer than Windows 7 and therefore there aren't any Windows 7 drivers available for it, so even if you do get Windows 7 to boot, you might find that some of your hardware doesn't properly or at all.  Running the 32-bit version also means you'll be limited to 4GB of RAM total and no more than 2GB of RAM for any single process.  And that's all before even considering possible Windows 7 activation issues due to being booted from external, portable media (technically only Windows To Go installations are licensed to be installed on portable devices, which requires special enterprise licensing) and the question of whether Windows 7 even supports being booted specifically from an SD card at all.  And finally there's the fact that Windows 7 stops receiving security updates from Microsoft next month, so it's not really a good idea to keep running it even if you can.

Back to Secure Boot, most Linux distros do not support it, at least not without some extensive manual effort because Secure Boot by default only trusts bootloaders signed by Microsoft.  Microsoft has actually signed the bootloaders of some Linux distros, such as Ubuntu, so those distros can actually boot with Secure Boot enabled out of the box.  But with most Linux distros, you need to either disable Secure Boot or import additional signing authority certificates into your firmware so that your system's Secure Boot mechanism will trust whoever signed the Linux bootloader you're trying to use.

All that said, you can absolutely disable Secure Boot and enable Legacy Option ROMs without messing up your system or your installed Windows environment.  What you CANNOT do is put your system into full Legacy boot mode (assuming that's even possible on the 9370), which will completely disable UEFI boot support.  That WILL prevent your existing Windows installation from booting, but even there you can get back to normal by changing those settings back.  Same goes for changing between AHCI and RAID mode.  There aren't any BIOS settings that will completely destroy your existing Windows installation unless maybe you have a "Secure Erase your hard drive" option in there.

The warning about disabling Secure Boot exists because it is a useful anti-rootkit measure for OSes that support it, because if the bootloader is ever infected by malware, having Secure Boot will cause your system to warn you about that when you boot it.  I've seen threads where people have complained that their system will no longer boot because of a warning from Secure Boot saying that the bootloader has failed the integrity check, and some people have told them to work around it by disabling Secure Boot.  Well that would technically allow the system to boot (unless the bootloader has been completely corrupted), but if the system DOES boot at that point, you've probably just allowed your system to boot from an infected bootloader.  So that advice is a bit like telling someone whose house alarm has just gone off to just go disable it to stop all the noise without bothering to see if maybe a burglar is now in their home.

And fyi, if Secure Boot is ever the reason a system won't boot, the system will make that completely clear.  It will specifically say that the bootloader has failed the Secure Boot integrity check, or something along those lines.  If you don't see that message, then Secure Boot isn't your issue.