1) How secure is the blowfish encryption?

2) In the secure scheme I have for some of my apps, the app reads the security file and as soon as the username/password is validated, the password is set to an empty string to remove it from memory. But, the user's security privilege is not because I have to reference it frequently in the program to determine what the user has access to. I'm assuming it wouldn't be difficult for someone to hack the memory and upgrade the user's privileges if they wanted to. So what I'm looking for is a way to either prevent memory hacks or maybe a better scheme keep track of what privileges the user has without leaving it in memory.