
This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →


Question: How secure is storing the secret.tomb file along with the key file, relying only on the password? #454

Closed
NickEckardt opened this issue Nov 27, 2022 · 0 comments

Comments

@NickEckardt

(Not sure if submitting an issue is the right place to ask this, feel free to direct me elsewhere)

I'm trying to understand what the purpose of a separate key is in the implementation of tomb. The README states that "one always needs both the tomb and the key, plus its password, to access [the data in the tomb]." Does this mean that if the attacker has both the secret.tomb file and the secret.tomb.key file but not the password, they would still be unable to access the data?

The reason I'm confused by this is that if this were true, couldn't we store the key and the .tomb file as one combined file? For example, we could use the first X bytes to store the key. Then the command
tomb dig -s 100 secret.tomb
could ask for the password directly, automatically generate the secret.tomb.key and append it to the secret.tomb file. The steps of

tomb forge secret.tomb.key
tomb lock secret.tomb -k secret.tomb.key

wouldn't be needed anymore. That would simplify the workflow for users, so I assume there's a reason we store the .tomb.key separately. Is there a security reason we store the key separately from the secret.tomb file or am I missing something?

Thanks!

@dyne dyne locked and limited conversation to collaborators Nov 27, 2022
@jaromil jaromil converted this issue into discussion #455 Nov 27, 2022
