Private keys should be cleared from memory after usage if possible. Investigate what cryptography.io and other projects are doing about it.
Bug watches keep track of this bug in other bug trackers.