by wat10000 41 days ago
There's little hope of protecting against a snooper seeing the passwords you actually use, since they have to exist in plaintext at some point. But there's no reason to expose the entire password database when no passwords are even being used.
1 comments

What's the threat model where not storing them all at once provides any benefit? If someone has admin it's already game over. Can just hook the browser to retrieve all passwords on demand.
An attacker might only have read access. Could be a read buffer overflow like Heartbleed, a partial sandbox escape, a sophisticated Spectre-type vulnerability, a cold boot attack, or something mundane like a core file taken from a crashed process that gets into the wrong hands.
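As an added illustration of the point made in the parent comment and this reply (example code written for this page, not code from the thread or from any particular password manager), the toy Python vault below contrasts the two designs: `unlock_all` decrypts every entry up front, so a read-only snapshot of that result contains every password, while `use_password` decrypts a single entry into a caller-scoped buffer and zeroes it afterwards, so the vault's own resident state holds ciphertext only. The HMAC-SHA256 counter-mode keystream and the PBKDF2 call are stand-ins for a real AEAD and vault KDF (the standard library has neither AES-GCM nor Argon2); the master password and entries are constructed sample data.

```python
"""Toy vault: decrypt-on-demand with zeroisation versus decrypt-everything.

Constructed example. HMAC-SHA256 in counter mode stands in for a real AEAD,
PBKDF2 for a real vault KDF; the master password and entries are made up.
"""
import hashlib
import hmac
import os
from contextlib import contextmanager

NONCE_LEN = 16


def derive_key(master_password: bytes, salt: bytes) -> bytes:
    # Stand-in KDF; a real manager would use Argon2id or scrypt here.
    return hashlib.pbkdf2_hmac("sha256", master_password, salt, 100_000)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # PRF-based keystream: HMAC(key, nonce || counter) per 32-byte block.
    blocks = []
    counter = 0
    while sum(len(b) for b in blocks) < length:
        msg = nonce + counter.to_bytes(4, "big")
        blocks.append(hmac.new(key, msg, hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt_into(key: bytes, blob: bytes, out: bytearray) -> None:
    # Writes plaintext byte-by-byte into the caller's mutable buffer, so no
    # immutable (un-zeroable) plaintext bytes object is created along the way.
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(ct))
    for i, (c, k) in enumerate(zip(ct, ks)):
        out[i] = c ^ k


class Vault:
    """Holds only nonce||ciphertext per entry; never caches the key or plaintext."""

    def __init__(self):
        self._entries = {}  # name -> nonce || ciphertext

    def add(self, key: bytes, name: str, password: bytes) -> None:
        self._entries[name] = encrypt(key, password)

    def unlock_all(self, key: bytes) -> dict:
        # Design (a): every password decrypted at once and kept as plaintext.
        result = {}
        for name, blob in self._entries.items():
            buf = bytearray(len(blob) - NONCE_LEN)
            decrypt_into(key, blob, buf)
            result[name] = bytes(buf)
        return result

    @contextmanager
    def use_password(self, key: bytes, name: str):
        # Design (b): one entry lives in plaintext only inside this block.
        blob = self._entries[name]
        buf = bytearray(len(blob) - NONCE_LEN)
        decrypt_into(key, blob, buf)
        try:
            yield buf
        finally:
            for i in range(len(buf)):  # zeroise before the buffer is released
                buf[i] = 0

    def resident_state(self) -> bytes:
        # What a read-only snapshot of the vault's own storage would contain.
        return b"".join(self._entries.values())


def exposure_count(snapshot: bytes, secrets) -> int:
    """How many of the given secrets appear verbatim in a memory snapshot."""
    return sum(1 for s in secrets if s in snapshot)


def demo() -> dict:
    salt = os.urandom(16)
    key = derive_key(b"correct horse battery staple", salt)  # constructed
    secrets = {"mail": b"hunter2", "bank": b"tr0ub4dor&3"}  # constructed
    vault = Vault()
    for name, pw in secrets.items():
        vault.add(key, name, pw)

    exposed_all = b"".join(vault.unlock_all(key).values())
    with vault.use_password(key, "mail") as buf:
        used = bytes(buf)  # real code would avoid even this immutable copy
    after = bytes(buf)  # buffer contents once the block has exited
    return {
        "resident": exposure_count(vault.resident_state(), secrets.values()),
        "unlock_all": exposure_count(exposed_all, secrets.values()),
        "in_use_ok": used == secrets["mail"],
        "zeroed_after": after == bytes(len(secrets["mail"])),
    }


if __name__ == "__main__":
    print(demo())
```

The comparison only means something because the vault never stores the key: the caller obtains it per operation (re-derived from the master password or fetched from a guarded allocation). If key and ciphertext sit side by side in the same process image, a read-only attacker who captures that image can decrypt offline, and design (b) buys nothing. Python also cannot promise that no transient copies of a `bytearray` are made by the interpreter, so treat the code as a sketch of the design rather than a zeroisation guarantee; in C the equivalent would decrypt into a stack buffer and clear it with `explicit_bzero` or `memset_s`.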