When you plug in your USB, then you double click the executable on USB and it will ask you to unlock database with master password.
The database (a file with passwords) is protected from attacks and malware by design.
If you believe the target machine is infected, ex. with keylogger, the pwsafe has auto type feature, which doesn't require you to copy password into memory nor it requires you to type it into browser or anywhere else, you just right click your password entry and hit "Auto type"
And username/password is auto typed into online form and automatically logs you in.
If the browser is infected or if you visit a phishing site that could be a problem, that's why I would not use it on untrusted computers.
Good thing is that if you lose you USB drive, who ever finds it will not be able to steal your passwords.
Brute forcing is not possible because you can configure "unlock difficulty" which takes time to try another password if wrong one is typed, resulting in many years before the attack would succeed.