Update "Persist Security Info" parameter description

[vonzshik]

The current description is quite misleading

[roji]

Do we actually log the connection string (with the password) in logging? If so I think that's pretty questionable even when Persist Security Info is enabled... I'd prefer to review and remove this behavior...!

In my mind, this parameter was (at least originally) purely about whether reading NpgsqlConnection.ConnectionString returns the full connection string including the password (once the connection has been opened) - I don't think that it was about logging/tracing originally.

Final nit: is there anything other than the password that's actually covered here? If not, we can remove "such as the password" etc.

[Brar]

My interpretation of this feature is that it comes from the OleDb C++ ages where you could really connect to a database and then (given pooling is disabled) zero out the password string after establishing a connection and then the password would really be gone from memory(-dumps).
It has never worked this way in .NET (at least for Npgsql) and reflection and the inability to zero out strings in a garbage collection environment pretty much defeat the purpose.
See the discussion about SecureString (which could work in theory but only if you read a string into unmanaged memory char by char because otherwise the string would always end up in the managed heap).