this is correct, the Nitrokey 3A Mini (and e.g., also the Nitrokey FIDO2) are designed to be always plugged in. This is generally the plan and the touch button explicitly serves as a security mechanism.
Let’s assume the worst-case, someone has control over you computer and tries to login into some FIDO2 secured website, after requesting the login, the Nitrokey will request a “user presence” (i.e., a button press on the token) in order to confirm that you want to login into this website. Without the “user presence” check the website won’t receive the information needed for the login, thus no login may occur.
The firmware of the Nitrokey 3 Mini is designed so that this user presence is always (at least) necessary, on top various variants can be implemented by the website (check https://webauthn.io/ for some) to increase the security level, like also asking for the PIN or deploying a so-called ResidentKey.