Comment by userbinator

runtime layout of OpenSSL in RAM which is quite predictable on machines without defensive measures

I think this is also part of the problem, if it's just storing the keys in plaintext. I've analysed some protection systems which have gone to great lengths to make sure that this isn't the case - where keys are permuted, broken up into randomly-sized chunks, and scattered amongst other randomly generated data, all of which gets moved around in memory in a random fashion periodically. Some of the state required to obtain the key is outside the process.

Obviously this makes encryption/decryption operations a lot slower. "Security costs speed. How safe do you want to be?"