Notes about encryption/decryption in Windows PowerShell, Secure Strings vs. Encrypted Standard Strings, and some PowerShell code tips.
The ConvertTo-SecureString and ConvertFrom-SecureString cmdlets based their encryption key on the identity of the user logged in. … It allows me to encrypt a string and save it to a file but prevents anyone else from reading the same file and decrypting the same string. A system wouldn’t be very secure if anyone could come along and decrypt files that others had encrypted.
The point of converting your password to a SecureString and storing it in a file is to 1) keep it out of plain text in your scripts so that it’s not as easily discovered and 2) only allow the user who created the password file to decrypt the password in it. This will not stop anybody who can logon to Windows with your credentials and knows PowerShell from decrypting your password. It’s not foolproof, but it’s pretty good.