Hi @fmsimoes, it’s not a bug and was built that way in vb.net or C# I guess.
The point of the SecureString is so sensitive data is not stored in plain site. I don’t think it was meant as a way to keep programmers 100% from being able to extract that data, since there are times when you need to use it as a string (but it won’t be stored as a string). I know there is definitely security concerns around it. I think though that there is enough auditing happening that using that data in a damaging way would be caught, and what’s the difference in just simply creating a robot to do all that anyway? So, you still need to follow your security guidelines either way.
also, I’m not an expert…