I've been wondering the same thing myself, the passwords logically are to encrypt/decrypt files depending on the operation you're performing. e.g. when doing genrsa, you're encrypting the output file, the private key.
In other examples, perhaps generating a certificate from a CSR you need to decrypt the input file (the private key) with a password. I can't think of any concrete examples of which commands would require decrypting the input file and encrypting the output file but I think the passin, passout arguments have been separated to facilitate this.
To conclude:
passin - password to decrypt the input file
passout - password to encrypt the output file