If a password manager were running in the host and sending key presses to the guest, then even if the guest got hacked the password database would be safe.  Whereas if a password manager runs in the guest, then any hacker intrusion would put the password database at risk of theft or modification.

How can a host application send key presses to the guest?

If that works then an open-source password manager could be rebuilt with this functionality added.