A new feature in Whidbey will allow strings to remain encrypted in memory until they are read. Because strings that contain sensitive information are managed by the .net CLR in the same manner as all other strings, sensitive information could potentially be exposed. Read Shawn Farkas .net security blog for details about the potential vulnerabilities of senstivie information being stored in strings and the new feature of Whidbey found in System.Security.SecureString that targets these issues.