> [was] special care was taken to avoid that the private key shows > up plain-text in memory ?
Yes, it was. Look at the code: the memory is explicitly zeroed after use. In Stan, it even went to the point that the memory management calls -- nss_ZAlloc, nss_ZFreeIf, nss_ZRealloc -- are only available in "zero the memory" variants (that's what the "Z" is for). Of course, do note that if someone has the ability to scan your program's memory, you are already in trouble. If your operating system makes you particularly vulnerable, you should be aware that you are particularly vulnerable.
