I think this: CryptProtectMemory does exactly what the ts asks (sI was triggered because Terminal Server uses this API to crypt user passwords)

The CryptProtectMemory function encrypts memory to prevent others from viewing sensitive information in your process. For example, use the CryptProtectMemory function to encrypt memory that contains a password. Encrypting the password prevents others from viewing it when the process is paged out to the swap file. Otherwise, the password is in plaintext and viewable by others.

Various options are available:
CRYPTPROTECTMEMORY_SAME_PROCESS
Encrypt and decrypt memory in the same process. An application running in a different process will not be able to decrypt the data.

CRYPTPROTECTMEMORY_CROSS_PROCESS
Encrypt and decrypt memory in different processes. An application running in a different process will be able to decrypt the data.

CRYPTPROTECTMEMORY_SAME_LOGON
Use the same logon credentials to encrypt and decrypt memory in different processes. An application running in a different process will be able to decrypt the data. However, the process must run as the same user that encrypted the data and in the same logon session.