What's the threat model where not storing them all at once provides any benefit?
If someone has admin it's already game over. Can just hook the browser to retrieve all passwords on demand.
An attacker might only have read access. Could be a read buffer overflow like Heartbleed, a partial sandbox escape, a sophisticated Spectre-type vulnerability, a cold boot attack, or something mundane like a core file taken from a crashed process that gets into the wrong hands.