Go Driver: SCRAM passphrase security

Hi all,

When using the go-driver to connect using SCRAM authentication, the passphrase is given as a string (as opposed to a []byte) meaning there is no way to zeroise the memory once the connection is closed. Is this seen as an issue?

Also is there any perceived security concern with the driver holding on to the passphrases in-the-plain throughout that duration of the pool’s lifetime?