I personally wouldn’t use TW as a password manager, since all the data is decrypted as long as the tab is open. So if you forget to “close” it, everyone can access all the info in your browser tab.
There is a plugin, that lets you encrypt / decrypt single tiddlers. … BUT … the plugin system itself is a very powerful “attack vector” for social engineering.
TW also has a relatively huge “attack surface”, since it contains a lot of API functions that make it easy to retrieve data from the “store”. That’s by design, since TW wasn’t developed to be used as a password manager. It’s more like a general purpose CMS (content management system)
For me a PW-manager only should have the minimal API functions needed to make it work for exactly that purpose.
Just my opinion.