This pretty much does away with one of the benefits of 2fa; namely the client you're entering password into is physically divorced from the client you're getting the second factor from. Take for (stupid) example, you're a company that uses pubkey + 2fa auth for user SSH logins. The pubkey already resides on the device logging in; if the key is in memory or not pw protected, there's no access control if the second factor is also available from the same machine.