This is not really accurate, it stores keys as securely as it is able to. Also the heap is not inherently insecure - it depends on other factors such as network isolation, user permissions, containers and other kernel protections.
Many things like https and ssh servers store secrets on the heap when they are in use.
Many things like https and ssh servers store secrets on the heap when they are in use.