When you create the virtual server in virtualmin, you can point the root (home directory) to any location. Say you wanted to use /var/www/html/phpMyAdmin as the root then you simply indicate that when you create the virtual server.
I guess because I have gotten used to never installing phpmyadmin inside public_html for security reasons, and now I find it free of charge dangerous. Above all I would appreciate that later it will be allowed to install it outside where you host the website.
The short answer to your question is that because Virtualmin sets up Apache to host many domains instead of just one, every site must have a VirtualHost section. The “default” site doesn’t exist in an Apache configured for virtual hosting.
So, create a VirtualHost that points to wherever. I still think it’s a mistake and you’re making decisions based on superstition (it is not more secure), but that’s how you do it
What about just creating a Sub-Server as a subdomain of one of your FQDN’s? That puts it’s root in a whole new directory space than the rest of your operation. Use the script installer to populate the subdomain, or do git install to it. Use the Virtualmin database server to give your user permission to access the databases you want handy with a specific login and all should be well.
You can use Protected Directories (in *Services) to password protect any directory, and you can add IP-based restrictions and lots of others in Services->Configure Website and then add or modify Per-directory options. This opens a big form that provides the ability to add IP-based access controls, etc.
Those other panels don’t have their own database administration tools built-in. With Virtualmin phpmyadmin is an optional addition. Some people like phpmyadmin better or are just used to it, so they install it and maybe make it available to all customers. Some people like the built-in MySQL and PostgreSQL UIs and just use those.
I’ve never used phpmyadmin beyond testing to make sure it works when installed by Virtualmin.
But, it has nothing to do with security. If anyone tells you otherwise, they don’t know what they’re talking about.