In here YAC developer sairon said
it still is just security through obscurity as the private keys have to be decrypted anyway for PoS to work. One just has to extract them from the process memory and then steal the YACs. Tho it could be useful if you have the RPC interface exposed (which you shouldn't anyway :P).
Since YAC inderitated POS code from PPC through NVC, I guess the private key is constantly in the memory as long as you are minting POS. This is not only related to POS because when you decrypt a wallet of any crpto all private keys are in plain text stored somewhere in the memory. But POS coins tends to have the keys decrypted all the time according to above quote.
I haven’t tracked how secure the operating system protects private processes’ memory in the last, well, 15 years or more. Can someone confirm that for a hacker to access private memory takes more effort than to plant a Trojan horse and copy your keystroke?