
There's an open-source software HSM: http://www.opendnssec.org/softhsm/


It runs in process though, so it would have had the exact same result with Heartbleed. Its keys need to be readable to that user, so exploits like http://blog.detectify.com/post/82370846588/how-we-got-read-a... would also still leak your private keys. So no net win here unfortunately.

opencryptoki has a softhsm too, but again, it appears to run in process. Same problems.


Is SoftHSM meant for production use? I get a feeling it's not (but am not sure), based on this sentence:

> You can use it to explore PKCS #11 without having a Hardware Security Module.



