不可变性与安全性并没有那么紧密的联系。为此，至少在。net中，你得到了SecureString类。

稍后编辑:在Java中，你会发现GuardedString，一个类似的实现。

这主要是出于安全考虑。如果您不能相信您的字符串是防篡改的，那么保护系统就困难得多。

至少有两个原因。

第一-安全http://www.javafaq.nu/java-article1060.html

The main reason why String made immutable was security. Look at this example: We have a file open method with login check. We pass a String to this method to process authentication which is necessary before the call will be passed to OS. If String was mutable it was possible somehow to modify its content after the authentication check before OS gets request from program then it is possible to request any file. So if you have a right to open text file in user directory but then on the fly when somehow you manage to change the file name you can request to open "passwd" file or any other. Then a file can be modified and it will be possible to login directly to OS.

第二-内存效率http://hikrish.blogspot.com/2006/07/why-string-class-is-immutable.html

JVM internally maintains the "String Pool". To achive the memory efficiency, JVM will refer the String object from pool. It will not create the new String objects. So, whenever you create a new string literal, JVM will check in the pool whether it already exists or not. If already present in the pool, just give the reference to the same object or create the new object in the pool. There will be many references point to the same String objects, if someone changes the value, it will affect all the references. So, sun decided to make it immutable.

线程安全和性能。如果一个字符串不能被修改，那么在多个线程之间传递引用是安全且快速的。如果字符串是可变的，则总是必须将字符串的所有字节复制到新实例，或者提供同步。一个典型的应用程序在每次需要修改字符串时将读取字符串100次。参见维基百科关于不变性的内容。

一个因素是，如果字符串是可变的，那么存储字符串的对象必须小心地存储副本，以免它们的内部数据在没有通知的情况下发生变化。鉴于字符串是一种相当基本的类型，就像数字一样，即使它们是通过引用传递的，也可以把它们当作是按值传递的，这是很好的(这也有助于节省内存)。

实际上，字符串在java中是不可变的原因与安全性没有太大关系。主要有以下两个原因:

Thead安全:

字符串是被广泛使用的对象类型。因此，它或多或少可以保证在多线程环境中使用。字符串是不可变的，以确保在线程之间共享字符串是安全的。拥有一个不可变的字符串可以确保当线程A将字符串传递给另一个线程B时，线程B不能意外地修改线程A的字符串。

Not only does this help simplify the already pretty complicated task of multi-threaded programming, but it also helps with performance of multi-threaded applications. Access to mutable objects must somehow be synchronized when they can be accessed from multiple threads, to make sure that one thread doesn't attempt to read the value of your object while it is being modified by another thread. Proper synchronization is both hard to do correctly for the programmer, and expensive at runtime. Immutable objects cannot be modified and therefore do not need synchronization.

性能:

虽然已经提到了字符串实习，但它只代表了Java程序内存效率的一小部分提高。只有字符串字面量被存储。这意味着只有源代码中相同的字符串才会共享相同的字符串对象。如果你的程序动态地创建了相同的字符串，它们将在不同的对象中表示。

More importantly, immutable strings allow them to share their internal data. For many string operations, this means that the underlying array of characters does not need to be copied. For example, say you want to take the five first characters of String. In Java, you would calls myString.substring(0,5). In this case, what the substring() method does is simply to create a new String object that shares myString's underlying char[] but who knows that it starts at index 0 and ends at index 5 of that char[]. To put this in graphical form, you would end up with the following:

 |               myString                  |
 v                                         v
"The quick brown fox jumps over the lazy dog"   <-- shared char[]
 ^   ^
 |   |  myString.substring(0,5)

这使得这种操作非常便宜，O(1)，因为该操作既不依赖于原始字符串的长度，也不依赖于我们需要提取的子字符串的长度。这种行为也有一些内存好处，因为许多字符串可以共享它们的底层char[]。