
Either:

* Use a specific compiler and verify.

* Don't use C / C++.

* Panic.



C11 actually adds the memset_s function, which is guaranteed by the language spec not to be optimized away:

> memset may be optimized away (under the as-if rules) if the object modified by this function is not accessed again for the rest of its lifetime. For that reason, this function cannot be used to scrub memory (e.g. to fill an array that stored a password with zeroes). This optimization is prohibited for memset_s: it is guaranteed to perform the memory write.

http://en.cppreference.com/w/c/string/byte/memset


Except, of course, that memset_s is still not enough.

The compiler can and will copy things around, and it is not required to memset_s said copy or copies away.
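Added example (not code from the thread or from any of its commenters) illustrating both points above: a scrub routine whose stores the optimizer must keep, and a case where the compiler's own copying puts the secret somewhere the scrub never reaches. It uses volatile stores plus a GCC/Clang barrier rather than memset_s, because the Annex K memset_s is optional and not shipped by common libc implementations; the secret string, the struct key type and the function names are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Scrub that the optimizer must keep: every byte is stored through a
 * volatile-qualified pointer, so the stores are observable side effects under
 * the as-if rule and cannot be dropped the way a trailing memset() on an
 * object that is never read again can. The empty asm statement is a
 * compiler barrier (GCC/Clang only) so nothing is reordered past the wipe. */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
#if defined(__GNUC__) || defined(__clang__)
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

/* Reads back through a volatile pointer so the check is not folded away.
 * Returns 1 if every byte of the object is zero, 0 otherwise. */
int all_zero(const void *p, size_t n)
{
    const volatile unsigned char *vp = (const volatile unsigned char *)p;
    for (size_t i = 0; i < n; i++) {
        if (vp[i] != 0) {
            return 0;
        }
    }
    return 1;
}

/* Constructed secret; stands in for a password that landed in a buffer. */
static const char SAMPLE_SECRET[] = "hunter2-correct-horse";

/* Fills a buffer with the sample secret, scrubs it, and returns 1 when the
 * buffer is verifiably zero afterwards (checked through all_zero). */
int scrub_demo(void)
{
    unsigned char buf[64] = {0};
    memcpy(buf, SAMPLE_SECRET, sizeof SAMPLE_SECRET);
    if (all_zero(buf, sizeof buf)) {
        return 0;   /* secret never landed in the buffer; nothing to show */
    }
    secure_zero(buf, sizeof buf);
    return all_zero(buf, sizeof buf);
}

/* The limitation raised in the thread: a scrub only reaches the object you
 * name. Passing a struct by value hands the callee a copy; wiping that copy
 * leaves the caller's original untouched. Register copies and stack spills
 * made by the compiler are the same problem in a form you cannot even name. */
struct key { unsigned char k[16]; };

static void consume_and_scrub_copy(struct key kcopy)
{
    /* ... pretend to use kcopy.k ..., then wipe the callee's copy only */
    secure_zero(&kcopy, sizeof kcopy);
}

/* Returns 1 if the caller's key still holds its bytes after the callee
 * scrubbed its by-value copy, i.e. the scrub did not reach this instance. */
int by_value_copy_survives(void)
{
    struct key orig;
    memset(orig.k, 0xA5, sizeof orig.k);   /* constructed key material */
    consume_and_scrub_copy(orig);
    return !all_zero(&orig, sizeof orig);
}
```

secure_zero clears exactly the bytes it is handed and nothing else; the by-value case shows why the caller, not the callee, must own the wipe, and why "scrub every copy" is a property of the whole program rather than of any one memset_s call.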



