Additionally, strings in Java are reserved in a special area in heap memory called the String Constant Pool. When a string is declared in your program, a String object reference is created in stack memory, and additionally, a String object with the string value is created in the heap. The intention of this is for string reusability, but a consequence is that there is a good chance that the string will remain in memory for a prolonged period of time. This is an even bigger security threat.