I know the risk that once my main OS (host machine) gets compromised, theoretically so does the VM.
This is not just theoretical. If the host machine gets compromised the VM has to be regarded as compromised too.
What if the host machine is Windows 10 (my case) and the VM I installed is a secure OS which cannot be accessed without typing the administrator password?
IF all of the critical data is ONLY stored inside a VHD (which is properly encrypted!) and you NEVER decrypt this file on your PC, chances are high you would be fine.
But some attack vectors do still exist (e.g. buggy encryption implementation, some VirtualBox exploit, ...). So this is not completely safe.
However, if you are referring to the Windows password with 'administrator password', then this is absolutely NOT safe. Your virtual machine definitely will be compromised as soon as the host is compromised in this case.
Should be safe, I think, or not?
There are quite a few attack vectors.
Any backdoor (which gives an attacker full access to your machine) will reveal any secret information once you boot your virtual machine.
You should not assume that you will instantly be informed once your machine gets compromised.
If your AV doesn't warn you (which it definitely won't if it is proper 'self-made' malware), you will probably never realize that your system is compromised (until maybe your funds are gone).
If you want a properly secured setup, either get a dedicated PC which only runs offline using Linux, or a hardware wallet.
Your private keys have to be stored isolated from the online setup (which is effectively not done on a virtualized machine).
Running your wallet on a VM is definitely more secure than running it directly on your PC. But it is by far not secure enough to store amounts you are not willing to lose.
It just adds a small layer of protection (you basically assume the attacker is plain stupid and/or a script kiddie).