MAC SECURITY ISSUE! all passwords in cleartext !! :D


aRt
08-14-2006, 03:01 AM
3.9 Clear Text Passwords in Swap File
Apple’s Security Framework does not use mlock() or equivalent to prevent passwords from being swapped to disk. Therefore it is likely that user passwords and other passwords from the Keychain will be written to the swap file in clear text. You can verify this on your own Mac by typing:
sudo strings /var/vm/swapfile0 |grep -A 4 -i longname

longname
Sart
password
XXXXX... (xxxxx... means password in clear text)
shell
--
longname
ogin.done
XTUM
password
XXXXX...
--
longname
XTUM
password
XXXXX...
XTUM

bofors
08-14-2006, 03:32 AM
Enabling "secure virtual memory" in System Preferences -> Security should deal with this.

Crazor
08-14-2006, 04:43 PM
There is a reason why only root has access to the swapfile. This problem exists on any platform, I think, as long as the swapfile is not encrypted.
Probably system passwords can be prevented from being swapped out, but any application which holds passwords is prone to be swapped out anyway.
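
Added example, not part of the thread and not Apple's code: the C code below shows the measure the quoted section says is missing, holding a secret in its own page-aligned mapping pinned with mlock() and wiping it before the pages are unlocked. The names secret_buf, secret_alloc, secret_free and secret_wipe are hypothetical.

```c
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS on glibc */
#include <stddef.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON     /* older BSD/macOS spelling */
#endif

/* Hypothetical helper type: one secret in its own page-aligned mapping. */
typedef struct {
    unsigned char *data;   /* start of the mapping */
    size_t len;            /* bytes the caller asked for */
    size_t mapped;         /* bytes mapped (whole pages) */
    int locked;            /* 1 if mlock() succeeded */
} secret_buf;

/* Zero through a volatile pointer so the store is not optimised away. */
static void secret_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Map whole pages for the secret and pin them with mlock().
 * Returns 0 on success, -1 on failure. With require_lock set, a failed
 * mlock() (e.g. RLIMIT_MEMLOCK too low) is an error: fail closed. */
int secret_alloc(secret_buf *s, size_t len, int require_lock) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len == 0 || len > (size_t)-1 - (size_t)page) return -1;
    size_t mapped = (len + (size_t)page - 1) / (size_t)page * (size_t)page;
    void *p = mmap(NULL, mapped, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    int locked = (mlock(p, mapped) == 0);
    if (!locked && require_lock) { munmap(p, mapped); return -1; }
    s->data = p; s->len = len; s->mapped = mapped; s->locked = locked;
    return 0;
}

/* Wipe before unlocking: once unlocked, the pages may be swapped again. */
void secret_free(secret_buf *s) {
    if (!s->data) return;
    secret_wipe(s->data, s->mapped);
    if (s->locked) munlock(s->data, s->mapped);
    munmap(s->data, s->mapped);
    s->data = NULL; s->len = 0; s->mapped = 0; s->locked = 0;
}
```

mlock() covers only the pages passed to it, so any copy of the secret made outside this buffer remains swappable.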