env::remove_var already doesn't remove environment variables from memory:
$ cat > env_test.rs <<EOF
extern "C" { fn getenv(s: *const u8) -> *mut u8; }
fn main() {
let secret_addr = unsafe { getenv("SECRET\0" as *const str as *const u8) };
std::env::remove_var("SECRET");
loop {}
}
EOF
$ rustc env_test.rs -g
$ SECRET=my_secret_var gdb ./env_test
(gdb) run
^C
(gdb) p secret_addr
$1 = (*mut u8) 0x7fffffffefc7
(gdb) p 0x7fffffffefc7 as &[u8; 13]
$6 = (*mut [u8; 13]) 0x7fffffffefc7 b"my_secret_var"
