A friend of mine pointed to this security issue, though it's not very likely to happen.
Having passwords leak into swap memory is a potential security risk, as swap memory is open to more attack vectors than RAM is.
The following module has a way of keeping certain parts in RAM via C functions and malloc, ForeignPtrs, etc.
EDIT: after mlock is also implemented, that's something they're still working on, apparently

This will need a lot of testing to make sure nothing crashes etc. But is a nice to have at some point.

EDIT: We're probably not gonna be able to keep everything out of swap memory anyway, since we need Haskell ByteStrings to use the cryptonite functions (or if passwords come in through JSON, it's already potentially in there). So this might just keep it out of swap memory a.m.a.p.
Definitely needs an effort vs. gain analysis.