preventing a string that is not-secured from being written somewhere because the same string is secured elsewhere makes it possible to detect the existence of a secured string. that is what i see as a danger and like to avoid.
I think you are confusing different features now. How would the owner of a non-secure reference to the string be able to detect if the string is prevented from being written to swap? You probably think about the (suggested) hiding of the string in sprintf("%O"). And it was precisely because of the danger you talk about that I said that this feature can not be implemented with the current secure bit, but would need something added to the svalue instead (text 16616268).
and to reiterate, my point is that _if_ a secured and a non-secured string are unrelated then having one version of it in swap (or written out with %O) can't do any harm.
And my point is that, as far as swap-lock (or zeroing) is concerned, having them non-shared will not do any good either.
For the %O issue, having non-shared strings could be a solution, but there are also other possible solutions, which do not break the ubiquitous assumption that strings are shared.