How should a front-end handle a stored passphrase

[elf@florence.buici.com]

I am revisiting a program I started about three years ago.  As it may
sign more than one file during an execution run, it asks the user to
enter the passphrase which it later passes to gpg using a file
descriptor.  The descriptor prevents the passphrase from appearing on
a command line or within a file.  Still, the passphrase is stored in
memory during program execution.  Is there some precation I should
take with how it is stored?