You need to use write_volatile instead of write_bytes or the clearing might be optimized away.

E.g. if you take a look at how the C argon library uses password clearing you will see that they
first try to use some special "secure clear/set memory functions" (which might happen to be faster but mainly are more idiomatc). And if they a not defined it uses volatile memory writes.

PS:
Clearing secret keys might also be affected.

So does this mean that the passwords could/would remain in memory?...

Thank you for that information. I am currently working on an application where security is very important. I cannot afford to cut any corners when it comes to things such as authentication/authorization.

Do you think that I would be better off going with something like PBKDF2, bcrypt or scrypt? I think that if I should not use argon2 (yet), then PBKDF2 is my next best bet.

However, you also mention that there may be other points of failure such as the IO/HTTP libraries that the password data is passing through so I wonder if my worries are in vain.

Thanks!