The security model is different. (This answer is a work in progress.)

Startup key on USB flash drive

Pros:

• No need for a TPM.
• 2FA: user needs both the startup key (stored on a USB flash drive by default) and the PC, in order to decrypt the system disk.

Cons:

• You might accidentally overwrite or format your USB flash drive, requiring you to manually enter the recovery key in order to be able to boot Windows. This risk can be mitigated by using a USB flash drive with hardware write-protection.
• If your USB flash drive is lost or stolen, then an attacker who comes into possession of it can read (and copy) the startup key from it. This particular attack can be mitigated by using a hardware-encrypted USB flash drive (e.g. this; there are other brands available).
• If your PC is sufficiently compromised, then an attacker could potentially read the startup key from your USB flash drive while it is inserted into the PC during the boot process. This will be true even for hardware-encrypted USB flash drives, as they must be unlocked in order for the PC to boot. However, if your PC were compromised to this extent, then whoever compromised it would probably already be in a position to read everything that BitLocker is protecting, i.e. the startup key would probably be superfluous for them.

TPM

Pros:

• No need to purchase a USB flash drive.
• No risk of that USB flash drive being lost or stolen.
• Unlike USB flash drives, TPMs are intended to prevent the private data that they store from being read. Instead, they use challenge-response mechanisms. As such, an attacker without advanced skills or equipment will not be able to retrieve the private key from a TPM.

Cons:

• Attackers with advanced skills or equipment, and with electronic or physical access to the PC, may be able to retrieve the private key from a TPM, e.g. by:

  • cutting open the TPM and using an electron microscope to read its contents; or
  • employing a side-channel attack such as RSA timing analysis or differential power analysis.
• Attackers with sufficiently advanced skills may be able to fool the TPM into performing the challenge-response successfully even if Windows has been modified by an attacker. (This is more of an attack against "secure boot" than against BitLocker per se.) However, if your PC were compromised to this extent, then whoever compromised it might already be in a position to read everything that BitLocker is protecting.
• If you move the BitLocker-protected drive to another PC, you will need to manually enter the recovery key.

No "USB-based Bitlocker encrypted drive"[1] is not as secure as encrypting a drive with a TPM& because:

Contrary to earlier (expired?) answers, Bitlocker without TPM does not work with multi-factors. So a start-up key on a USB and a Bitlocker password are two independent access 'keys' to the drive. You only need one to unlock the drive.

Such keys are called 'protectors'. For a system drive different protectors are available than for a data drive. An OS drive can have a start-up key. Since a data drive is not booted from, one can use a 'RecoveryKey' protector in that case. Both create a *.bek file which according to the following command...

manage-bde -protectors -add -help

... can be used interchangeably, because they are both 'External Keyfile' protectors. The command will list all possible protectors. (Passwords, SmartCards, Keyfiles, TPM, etc.)

Why is TPM more secure?

Because with a TPM you can add a protector that in itself is depended on multiple 'secrets'. Possible options:

• TPMAndPIN
• TPMAndStartupKey
• TPMAndPINAndStartupKey
• TPM

The first 3 are in a way mimicking multi-factor behaviour, though the TPM part is bound to the machine and not mobile.

The USB-based experiences were based on a system without TPM. If a booting system sees no USB drive with startup key during startup, Bitlocker will ask you to enter the password, provided a 'Password-protector' exists. If it sees the startup-key, it will simply boot Windows. A USB-drive with LED will allow you to verify if the system if even reading the USB-drive; some USB-ports might not be active pre-boot unless you tweak some bios settings.

Conclusion

If you encrypt the drive with a -TPM only, it only protects the drive if the drive itself is moved to another machine. Anyone can boot the original machine, no additional secrets are required. This would be almost equivalent to the situation of having a USB-drive for non-TPM machines stuck into the USB-port.

If you use -TPMAndPIN you will need to enter a PIN during boot which will be more secure than having a non-TPM USB-drive variant, because the secret is something you know, not something you have; provided your PIN is not your birthday and long.

For the record, you cannot use a TPM for a data drive. But you can daisy-chain drives to the original TPM-protected OS drive.

It is recommended to add more than one protector in case you loose or forget the primary. A Numerical Password (-RecoveryPassword) could be saved in safe location.

If you have only access to a non-TPM system: Configure a Yubikey with a long static-password 25-30 chars. Use that password in addition with something you concatenate before or after the static password (5-10) as a password protector for Bitlocker. This mimics multi-factor authentication, though for purists it is not real MFA.

[1] = from topic starter: drive encrypted with Bitlocker without TPM and with start-up key on USB-drive.

I used the word 'drive'; you may read this as 'partition' as Bitlocker is enabled per partition, not per drive.

https://docs.microsoft.com/nl-nl/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10