Related to the recent post about paranoid gpg settings, it seems to me that mutt ought to use a scheme like gnupg, which has support for using a pool of mlock()ed memory to store certain sensitive data like passwords and private keys so they won't get paged out to swap. mutt could use this for its cached PGP/GPG password. Maybe util/secmem.c from gnupg could be used (it's licensed under the same GPL license as mutt)? Note that while mlock()ing memory generally requires a higher privilege than typical users get by default in most OSes, some OSes like Solaris support granting specific privs like proc_lock_memory, which avoids the security issues of setuid'ing mutt to run as root (I use this to give gpg proc_lock_memory priv).
-- Will Fiveash
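
The locked-memory idea from the post above, as an added example that is not part of the original message and is not code from mutt or gnupg (it is not util/secmem.c). It narrows the pool to a single page-aligned buffer for a cached passphrase and reports the case where mlock() is refused for lack of privilege; the names `secbuf`, `secbuf_alloc`, `secbuf_wipe` and `secbuf_free` are hypothetical.

```c
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS on glibc */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

struct secbuf {
    void  *ptr;     /* page-aligned mapping, NULL if allocation failed */
    size_t len;     /* length rounded up to whole pages */
    int    locked;  /* 1 if mlock() pinned the pages, 0 if they may be swapped */
};

/* mlock() fails (EPERM/ENOMEM) without the privilege or above RLIMIT_MEMLOCK;
 * that outcome is reported in .locked so the caller can warn or refuse. */
static struct secbuf secbuf_alloc(size_t want)
{
    struct secbuf b = { NULL, 0, 0 };
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t len = (want + page - 1) / page * page;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return b;
    b.ptr = p; b.len = len;
    b.locked = (mlock(p, len) == 0);
    return b;
}

/* Store through a volatile pointer so the compiler cannot elide the wipe. */
static void secbuf_wipe(struct secbuf *b)
{
    volatile unsigned char *v = b->ptr;
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
}

static void secbuf_free(struct secbuf *b)
{
    if (!b->ptr) return;
    secbuf_wipe(b);                 /* wipe while the pages are still locked */
    if (b->locked) munlock(b->ptr, b->len);
    munmap(b->ptr, b->len);
    b->ptr = NULL; b->len = 0; b->locked = 0;
}

int main(void)
{
    struct secbuf pw = secbuf_alloc(64);
    if (!pw.ptr) return 1;
    if (!pw.locked) fprintf(stderr, "warning: passphrase buffer can be swapped\n");
    strcpy(pw.ptr, "constructed-passphrase");  /* constructed sample value */
    secbuf_free(&pw);
}
```

Locking covers only this buffer: copies of the passphrase left in stdio buffers, terminal input buffers or other heap allocations are not pinned and need the same treatment.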