Oh yeah, good old macro trick. I think that there is a workaround for this but I am not sure. You could try to crash program and check variables in ST22. Anyway, it came to me that you can set up a trace for HTTP connections in SMICM that captures payloads. Hence all this protection won't prevent a malicious user from setting a trace and reading secret from a trace log.
It's really hard to protect against user with sufficient authorization and skills. You can accept the risk or move this whole thing into environment where you have more control (e.g. a simple Java app that gets a JSON document, updates it with secret and forward it to recipient of the message).
Cheers