Inside uROSocket.PasswordCallback the required SSL private key password is fetched via an event, converted to an UTF8 buffer, and then copied to the buffer for OpenSLL DLL to use.
Unfortunately, both the string and the UTF8 buffer are left as is and while their memory will be reused after the callback has ended, there exist an amount of time during which their content is still available in RAM.
To avoid this, it is customary to zero out the memory (or even scramble it) before exiting the function.
I have applied the following patch to my version, without any ill effect:
uROSocket.pas.zip (417 Bytes)
Hope this could be included in a future iteration.