I'm very surprised this issue hasn't been discussed in-depth:
This article tells us how to use windbg to dump a running .Net process's strings from memory.
I spent much time researching the SecureString class, which uses unmanaged pinned memory blocks, and keeps the data encrypted too. Great stuff.
The problem comes in when you use its value, and assign it to the SQLConnection.ConnectionString property, which is of the System.String type. What does this mean? Well...
If you control a machine to the extent that you can read another process's memory, you can also replace the reference to the SecureString class with a reference to string. You'll have access to any private keys that the other process can use.
There is no defense against a hacker that owns your process memory. :)
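As an added illustration of the point made in the post above (this is example code written for this page, not the poster's code), the following C# shows the two ways of getting a SecureString password into a SqlConnection. The first materialises it into a System.String so it can be embedded in ConnectionString: the unmanaged BSTR copy can be zeroed, but the managed string is immutable and sits on the heap until the garbage collector happens to overwrite it, which is exactly what a windbg string dump will find. The second passes the SecureString through SqlCredential, which avoids ever creating that managed copy. The server name, database, user and password are constructed placeholders; nothing here defends against an attacker who can already read the process's memory, since the provider still has to decrypt the password to send it.

```csharp
using System;
using System.Data.SqlClient;
using System.Runtime.InteropServices;
using System.Security;

// Added example, not from the original post. Placeholder values throughout.
static class SecureStringDemo
{
    // Build the SecureString from a char[] that is cleared afterwards, so the
    // plaintext never exists as a System.String in this method. (Using a string
    // literal here would defeat the purpose: literals live in the intern pool.)
    static SecureString ReadPassword()
    {
        char[] chars = { 'h', 'u', 'n', 't', 'e', 'r', '2' }; // constructed sample
        var secure = new SecureString();
        try
        {
            foreach (char c in chars)
                secure.AppendChar(c);
        }
        finally
        {
            Array.Clear(chars, 0, chars.Length); // scrub the mutable copy
        }
        secure.MakeReadOnly(); // SqlCredential requires a read-only SecureString
        return secure;
    }

    // Path (a): decrypt into unmanaged memory, copy to a managed string.
    // ZeroFreeBSTR scrubs only the unmanaged copy; the returned System.String
    // is immutable and cannot be scrubbed by the caller.
    static string ToPlaintext(SecureString secure)
    {
        IntPtr bstr = IntPtr.Zero;
        try
        {
            bstr = Marshal.SecureStringToBSTR(secure);
            return Marshal.PtrToStringBSTR(bstr);
        }
        finally
        {
            if (bstr != IntPtr.Zero)
                Marshal.ZeroFreeBSTR(bstr);
        }
    }

    static SqlConnection ConnectWithConnectionString(SecureString password)
    {
        string plaintext = ToPlaintext(password);
        var builder = new SqlConnectionStringBuilder
        {
            DataSource = "db.example.internal", // placeholder
            InitialCatalog = "Orders",          // placeholder
            UserID = "app_user",                // placeholder
            Password = plaintext,
        };
        // ConnectionString is a System.String: the password now exists in at
        // least two managed copies (plaintext and builder.ConnectionString),
        // readable from a memory dump until the GC reuses that memory.
        return new SqlConnection(builder.ConnectionString);
    }

    // Path (b): keep the password as a SecureString and hand it to the provider
    // via SqlCredential. UserID/Password must not also appear in the connection
    // string, and Integrated Security must be off, or the constructor throws.
    static SqlConnection ConnectWithCredential(SecureString password)
    {
        var builder = new SqlConnectionStringBuilder
        {
            DataSource = "db.example.internal", // placeholder
            InitialCatalog = "Orders",          // placeholder
        };
        var credential = new SqlCredential("app_user", password); // placeholder user
        return new SqlConnection(builder.ConnectionString, credential);
    }

    static void Main()
    {
        using (SecureString password = ReadPassword())
        {
            using (var leaky = ConnectWithConnectionString(password))
                Console.WriteLine("ConnectionString path: " + leaky.ConnectionString);
            using (var tighter = ConnectWithCredential(password))
                Console.WriteLine("SqlCredential path: " + tighter.ConnectionString);
            // Neither connection is opened here; no server is contacted.
        }
    }
}
```

Note that the second connection's ConnectionString prints without any password, because the credential travels separately and is decrypted by the provider only while it builds the login packet. That narrows the window in which plaintext exists in managed memory; it does not close it, which is the post's point.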