Is there any benefit to using SecureString in ASP.NET?
If I understand correctly, this is for keeping plain text out of memory, so that the app is secure against esoteric attacks on memory, the garbage heap, or memory paged to disk. The SecureString is fed unmanaged bytes and consumed one unmanaged byte at at time–then the string is erased from memory. (Correct me if I way off!)