I have a password protected app which obviously requires a user password and from which I generate a hash. Although I read the password into a SecureString, I cannot hash it without exposing the raw string.

Code:
    Public Function MD5Hash(ByVal str As SecureString) As Byte()
        'Compute Hash
        Return MD5.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(PtrToStringBSTR(SecureStringToBSTR(str))))
    End Function
Exposing the string defeats the object of securing it. Any ideas how I can get out of doing this? This is the only place in the entire app where the users data is exposed in this way.