Handle secrets (PINs, private key material, decrypted plaintext) more carefully
This includes zeroizing, and avoiding accidental log output for unsuspecting users.
Could consider:
https://docs.rs/secrecy/latest/secrecy/struct.Secret.html https://docs.rs/secrecy/latest/secrecy/type.SecretVec.html