Configuration with a SecureString actually secure?

Tags:

c#

.net-core

In one of my code reviews I stumbled across an interesting implementation of SecureString. Logically, hiding the values in memory has merit, but my understanding of IConfiguration is that when it is injected and built via the ConfigurationBuilder a copy already exists in memory for usage. So although the SecureString is hiding the clear text values, the configuration access automatically negates the cipher text.

Is my notion correct that the value is really insecure and one should not even use SecureString, because it is not secure to begin with?

```csharp
using System.Net;
using System.Security;
using Microsoft.Extensions.Configuration;

public class Sample
{
    private readonly SecureString secret;

    // NetworkCredential lives in System.Net; the original "NetworkCredentials" does not compile.
    public Sample(IConfiguration configuration) => secret = new NetworkCredential(string.Empty,
        configuration.GetSection("Api:Credentials")["secret"]).SecurePassword;
}
```
Greg asked Nov 06 '22 10:11


1 Answer

Basically in the documentation it's mentioned:

Overall, SecureString is more secure than String because it limits the exposure of sensitive string data. However, those strings may still be exposed to any process or operation that has access to raw memory, such as a malicious process running on the host computer, a process dump, or a user-viewable swap file. Instead of using SecureString to protect passwords, the recommended alternative is to use an opaque handle to credentials that are stored outside of the process.

On some platforms it is not even implemented. It is even turned into a string in the .net framework at some point, so why is it there? Does it make sense to use it?

On your comment:

Is my notion correct that the value is really insecure and one should not even use SecureString, because it is not secure to begin with?

It does make sense to use it. It doesn't make sense to consider the value 100% safe, it just adds an extra layer of security.

It does limit the exposure and this is something we should strive for while secure coding.

Some perfectly valid reasons to use it can be found in this excellent answer here: Is SecureString ever practical in a C# application?

One more scenario that I can think of: if you use some kind of remote key storage like Azure Key Vault, it makes even more sense to use it.

Athanasios Kataras answered Nov 15 '22 01:11
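The following is an added example, not code from the question or the answer, that shows both points at once: the plaintext stays reachable through the IConfiguration object the question describes, and a SecureString still limits exposure when the secret is only materialised for a short, zeroed window. It assumes the Microsoft.Extensions.Configuration package; the in-memory provider and the placeholder secret value are constructed for the demonstration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Runtime.InteropServices;
using System.Security;
using Microsoft.Extensions.Configuration;

// Constructed stand-in for appsettings/environment providers; the value is a placeholder.
var configuration = new ConfigurationBuilder()
    .AddInMemoryCollection(new Dictionary<string, string>
    {
        ["Api:Credentials:secret"] = "constructed-placeholder-secret"
    })
    .Build();

var sample = new Sample(configuration);

// The concern from the question: the provider still hands out the plaintext, and that
// immutable CLR string lives (and may be paged or dumped) until the GC reclaims it.
Console.WriteLine(configuration["Api:Credentials:secret"]);

// The answer's point: SecureString limits exposure. Only the callback ever sees the
// characters, and the buffer they were copied into is zeroed before returning.
sample.UseSecret(chars => Console.WriteLine($"using a {chars.Length}-character secret"));

public sealed class Sample
{
    private readonly SecureString secret;

    public Sample(IConfiguration configuration) =>
        secret = new NetworkCredential(string.Empty,
            configuration.GetSection("Api:Credentials")["secret"]).SecurePassword;

    // Decrypts the SecureString into unmanaged memory, copies it into a char[] the
    // consumer can use, then zeroes both copies. No managed string is ever created here.
    public void UseSecret(Action<char[]> consumer)
    {
        IntPtr unmanaged = IntPtr.Zero;
        var buffer = new char[secret.Length];
        try
        {
            unmanaged = Marshal.SecureStringToGlobalAllocUnicode(secret);
            Marshal.Copy(unmanaged, buffer, 0, buffer.Length);
            consumer(buffer);
        }
        finally
        {
            Array.Clear(buffer, 0, buffer.Length);                       // wipe managed copy
            if (unmanaged != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(unmanaged);
        }
    }
}
```

Dropping the IConfiguration reference after construction, as Sample does, matters as much as the SecureString: keeping the configuration object alive keeps the plaintext reachable.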