Key-strokes are passed to the VM in a clear-text memory buffer, which allows for implementation of passive surveillance.
While you can rest assured the console will never be monitored voluntarily, such actions could be legally compelled, so I recommend using it sparingly and changing any credentials entered via secure shell when you're done.
User passwords may be changed with the command passwd while logged in as
that user.
LUKS pass-phrases (if configured) may be changed with the command rekey
from a root shell or using sudo.
If this message is not displayed, you should consider the console compromised.