Since a String class, is immutable and when it is not needed, it cannot be programmatically scheduled for GC or in other words, it is not possible to predict when it will be deleted from the memory that can be a security risk especially if the string contains sensitive information such has credit card numbers, passwords, etc. This is where a new class in .NET 2.0 which ships with Visual Studio 2005 called SecureString comes in. It represents text that should be kept confidential and is encrypted for privacy when being used, and deleted from computer memory when no longer needed.
A SecureString is similar to a String in that it has a text value, but, the value of an instance of the SecureString class is automatically encrypted, can be modified until your application marks it as read-only, and, when no longer needed, it can be deleted from computer memory by either your code or the GC. The value of an instance of SecureString is automatically encrypted when the instance is initialised or when the value is modified. Your code can render the instance immutable and prevent further modification by invoking the method.
Note: SecureString has no members that inspect, compare, or convert the value of a SecureString. The absence of such members helps protect the value of the instance from accidental or malicious exposure.