Not entirely. If I MITM your connection to a website that uses a password, I have access until the breach is detected. If I MITM a public/private key log in, I only have access to the session (which can be made arbitrarily short if logging in is painless/automatic).
No, because if the server gets hacked and the attacker can intercept your password, your password manager is managing a password that is, unbeknownst to it, known to an attacker. Who can now use that password to just login to the service.