If a password manager were running in the host and sending key presses to the guest, then even if the guest got hacked the password database would be safe. Whereas if a password manager runs in the guest, then any hacker intrusion would put the password database at risk of theft or modification.
How can a host application send key presses to the guest?
If that works then an open-source password manager could be rebuilt with this functionality added.