Uipath.Web.activities.HttpClient usage violates security rule ST-SEC-009

First thought: if you have any influence over the governance policy, this rule is quite artificial, and IMO I would recommend it not be enabled for reasons exactly like this, since SecureString doesn’t provide much security and in many places you need the password retrieved from Orchestrator as a standard string. See: 'Send SMTP Mail Message' Password - SecureString - #24 by AndrewHall

Second, if you can’t disable the rule, and if you are able to upgrade to the 21.4 System activities package, turn on the “Show StudioX” filter in the activities panel and use the StudioX “Get Username/Password” activity. You can set this to retrieve the credential from Orchestrator, and the resulting output offers the Password as both a standard String and a SecureString, so it can be used wherever needed without converting. See: UiPath Community 2021.4 Stable Release

2 Likes