The leaks you have noticed are not leaks actually. SecureBlackbox creates several global objects that must reside in memory until the application terminates (cryptographic core objects). When the process is destroyed, the objects are freed by the operating system anyway.

We do not destroy the objects manually (in finalization sections), as this might cause certain problems with multithreaded applications. Delphi provides no guaranteed way to detect the sequence of execution of the finalization sections of different units, so there can be a situation in which some object attempts to access a core object after the latter has been destroyed.

If you need to use the components within a DLL (that can be unloaded without the termination of the host process), use the SBUtils.CleanupRegisteredGlobalObjects function to release the memory allocated for the core objects. Actually, you can use it not only from a DLL but from a generic application too; however, as mentioned, we do not recommend it, as using this function can lead to hard-to-trace bugs and crashes on application shutdown.