KeepassXC security and single backend for all Qubes? (and healthy password management practices)

BTW, there was another thread on this subject some time ago - not about KeepassXC itself though: