Inside the same process? Is this really a risk one can sensibly defend against? A malicious client can take your copy of the data, scan the entire memory space of the process for the other copy, and overwrite that.
Yeah, you are probably right. I mostly used managed languages for the last ten years or so and slowly start forgetting what unrestricted access to the entire address space even means. In a managed context not everything is lost if you have malicious code in your process, but then again it would probably be quite hard to make use of manual address space mappings there. So I retreat my position to making life a bit harder for malicious code if you avoid handing out pointers into your private data.
Inside the same process? Is this really a risk one can sensibly defend against? A malicious client can take your copy of the data, scan the entire memory space of the process for the other copy, and overwrite that.