C# String Vs Secure String
Interesting articles on the subject at,
In summary, a string object is not the best place to keep sensitive information such as passwords, credit card numbers, etc. due to its nature of not being able to lock in one place of memory, immutability (results multiple copies if modified), and possible page swaps (sensitive data now in tmp files) (see 1). Use SecureString as a solution, but sometimes you may still want to get the unsecured string representation as some APIs still don’t support secure strings (see 2).
While at it, you may also like to read about reading a string securely from console,