Clear C# String from memory
Your problem with this is that strings can move. If the GC runs, it can move the contents to a new location, but it won't zero out the old one. If you did zero out the string in question, you have no guarantee that a copy of it doesn't exist elsewhere in memory.
Here is a link to the .NET Garbage Collector, and it talks about compacting.
EDIT: here's your problem with the update:
// do stuff with the string
The problem is that once it leaves your control, you lose the ability to make sure that it's secure. If it was entirely in your control, then you wouldn't have the limitation of only using a string type. Simply put, this issue has been around for a long time, and no one has come up with a secure way of handling this. If you want to keep it secure, it's best handled through other means. Clearing out the string is meant to prevent someone from being able to find it through a memory dump. The best way to stop this if you can't use secure string is limit access to the machine the code is running on.
Aside from the standard "You're stepping into unsafe territory" answer, which I hope explains itself, consider the following:
The CLR doesn't guarantee that there is only one instance of a string at any given point, and it doesn't guarantee that strings will be garbage collected. If I were to do the following:
var input = "somestring";
input += "sensitive info";
//do something with input
clearString(input, false);
What's the result of this? (Let's presume that I'm not using string literals, and these are instead inputs from some environment of some sort)
A string is created with the content of "somestring". Another string is created with content of "sensitive info", and yet another string is created with content of "somestringsensitive info". Only the latter string is cleared: "sensitive info" is not. It may or may not be immediately garbage collected.
Even if you're careful to ensure that you always clear out any string with sensitive information, the CLR still doesn't guarantee that only one instance of a string exists.
edit: With regard to your edit, simply pinning the string immediately may have the desired effect - no need to copy the string to another location or anything. You do need to do it immediately after receiving said string, and there are still other security issues to worry about. You cannot guarantee that, for example, the source of the string doesn't have a copy of it in ITS memory, without clearly understanding the source and exactly how it does things.
You also will not be able to mutate this string for obvious reasons (unless the mutated string is exactly the same size as the string), and you do need to be very careful that nothing you're doing can stomp on memory that isn't part of that string.
Also, if you pass it to other functions that you didn't write yourself, it may or may not be copied by that function.
It's impossible to tell how many CLR and non-CLR functions your string passes through before it reaches your function where you're trying to clear it. These functions (managed and unmanaged) may create copies of the string for various reasons (possibly multiple copies).
You cannot possibly know all of these places and clear them all so realistically, you cannot guarantee that your password is cleared from memory. You should use SecureString instead but you need to understand that the above still applies: at some point in your program you will receive the password and you'll have to have it in memory (even if just for a short duration while you're moving it into a secure string). This means that your string will still go through chains of function calls that you don't control.