The solution I have for securely erasing storage for an instance is to control where that instance can be allocated, and to make the clearing of space on destruct the responsibility of the allocator (who still owns the memory and has it in its lifetime), not the object. The object itself cannot do it, but the allocator can.

Not 100% a fix for secure types though, since they can still be swapped out, held in registers during process swaps, or seen by external processes. Two of these three can be fixed with OS-specific calls; the last needs compiler and OS support. Might be a paper at some point.

On Sat, Jan 10, 2026 at 5:22 PM Sebastian Wittmeier via Std-Proposals <std-proposals@lists.isocpp.org> wrote:

Clearing out memory is difficult to make reliable, if the effect is not observable.
 

-----Original Message-----

Think secure_string or secure_array clearing out memory in a specific way.

 

--
Std-Proposals mailing list
Std-Proposals@lists.isocpp.org
https://lists.isocpp.org/mailman/listinfo.cgi/std-proposals
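
Added example, not part of the original message or of any proposal text: a minimal sketch of the allocator-owned wiping described in the first paragraph above, where the arena outlives the container and `deallocate` zeroes the bytes after the elements are destroyed. The names `arena`, `secure_wipe`, `wiping_allocator` and `residue_after_destroy` are hypothetical, and the `wipe` flag exists only so the unwiped behaviour can be compared.

```cpp
#include <cstddef>
#include <new>
#include <vector>

// Hypothetical fixed arena: it owns the bytes and outlives every object placed in it.
struct arena {
    alignas(std::max_align_t) unsigned char bytes[4096] = {};
    std::size_t used = 0;
    bool wipe = true;  // false only to show what is left behind without wiping
};

// Stores through a volatile glvalue are observable, so they are not dropped as dead writes.
inline void secure_wipe(void* p, std::size_t n) {
    volatile unsigned char* v = static_cast<volatile unsigned char*>(p);
    while (n--) *v++ = 0;
}

template <class T>
struct wiping_allocator {
    using value_type = T;
    arena* a;
    explicit wiping_allocator(arena& ar) noexcept : a(&ar) {}
    template <class U> wiping_allocator(const wiping_allocator<U>& o) noexcept : a(o.a) {}
    T* allocate(std::size_t n) {  // bump allocation, never reuses space
        std::size_t start = (a->used + alignof(T) - 1) / alignof(T) * alignof(T);
        if (start + n * sizeof(T) > sizeof(a->bytes)) throw std::bad_alloc();
        a->used = start + n * sizeof(T);
        return reinterpret_cast<T*>(a->bytes + start);
    }
    // The elements are already destroyed here, but the arena still owns the bytes.
    void deallocate(T* p, std::size_t n) noexcept { if (a->wipe) secure_wipe(p, n * sizeof(T)); }
};
template <class T, class U>
bool operator==(const wiping_allocator<T>& x, const wiping_allocator<U>& y) { return x.a == y.a; }
template <class T, class U>
bool operator!=(const wiping_allocator<T>& x, const wiping_allocator<U>& y) { return !(x == y); }

// Counts non-zero bytes left in the arena after a vector holding a constructed
// secret has grown (leaving old buffers behind) and then been destroyed.
std::size_t residue_after_destroy(arena& ar) {
    {
        std::vector<char, wiping_allocator<char>> v{wiping_allocator<char>(ar)};
        for (const char* s = "constructed-secret-value"; *s; ++s) v.push_back(*s);
    }
    std::size_t left = 0;
    for (unsigned char b : ar.bytes) left += (b != 0);
    return left;
}
```

Every buffer the vector abandons while growing also passes through `deallocate`, so the intermediate copies are wiped too. A `std::basic_string` with a small-string buffer keeps short contents inside the object itself, where no allocator sees them.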