I know that there is a recommendation to have two separate files (for the trust store and the server store)

The reason for such a recommendation is that you typically store only public keys and the related certificates of trusted CAs in the truststore, while the keystore is meant to store private-keys and the associated public keys (along with the related certificates).

When you start managing both as a single file, it is quite possible for any agent (a user or even application code) that has knowledge of the truststore password to read and modify the private keys of the keystore as well. This is not what you want, for private keys ought to be private by nature, and known only to a single entity (the one that owns the key).

Likewise, it is also possible for an agent to modify the truststore through the knowledge of the keystore password, to add certificates to the truststore. On it’s own, this may appear benign, but usually multiple clients can use the same truststore (like the cacerts file of the JRE), resulting in the scenario where one agent can poison the trust relationship (by adding the certificate of a malicious CA into the truststore) between a client and a server.

In reality, the recommendation is more of a defense-in-depth practice, unless your agents aren’t trustworthy (in which case you ought to be adopting several other practices).