There is this recommendation (implicit):
System Configuration and Access - Kicksecure chapter Use a Dedicated Host Operating System and Computer in Kicksecure wiki
(Whonix is based on Kicksecure.)
Recommends using a dedicated computer. By using a dedicated computer with different completely hardware and screen.
+ never have a local VM compromised because then the adversary could start a browser there to (in the background, without any user visible clues).
related: