Risk of setting Vault timeout to never

Hi,
I am setting up Bitwarden for my mom for her Chromebox. I was wondering what the risk for setting the vault timeout to never. What I am shooting for is for my mom to open the chrome browser under chrome os and Bitwarden’s vault open for use. Ideally, the vault should be protected by a pin or biometric, but the reality is that the login part confuses her and will result in calls to her kids every time she login.

Assuming that the chromebox require login and that change is limited to that machine, what would be the increase in risk? I was thinking that the risk is if you don’t lock the machine. Adding a pin to the vault would create another protection. Another possible vector of attack would be malware could use the password manager on the chromebox, but usually there aren’t a lot of chrome os malware.