#39 regex replacement returns stale data

Group: RegexKitLite 3.1
Status: closed-fixed
Priority: 5
Updated: 2009-11-04
Created: 2009-09-19
Private: No

I've got an application which composes snippets of XML and sends them over the wire. The app can display the snippets for debugging purposes, and the snippets contain sensitive passwords, so on their way to the view class, I use RegexKitLite to substitute a constant string, like so:

NSString *sanitized = [unsafeString stringByReplacingOccurrencesOfRegex:@"<Password>(.*)</Password>" withString:@"<Password>[Password]</Password>"];

This worked nicely, until I noticed that my XML snippet viewer could be provoked into showing the wrong snippet, but only in cases where the prior two or more strings passed consecutively to RKL contain similar data.

For example, I'll have a snippet like this, which is simplified but reproduces the problem:

<XMLPayRequest Timeout="45" version="2.0">
<RequestData>
<Transactions>
<Transaction Id="999999">
<Password>sekrit</Password>

Followed by a snippet like this, which differs only in the ID attribute, unaffected by the regex:

<XMLPayRequest Timeout="45" version="2.0">
<RequestData>
<Transactions>
<Transaction Id="000000">
<Password>sekrit</Password>

If I run the above regex on these two examples in order, RKL will return strings which correctly obfuscate the password element, but contain the "999999" ID in both cases. If I run them in the reverse order, RKL will return the "000000" ID with both.

If I strip off the XML preamble, or any of the first three lines before the Transaction element, or add a digit to one of the numeric IDs, RKL correctly returns varying ID attributes.

I couldn't make much headway tracing RKL's execution, but I do have a test case attached. I'm using RKL 3.1 on 10.6.1 and 10.5.8. Thanks.
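As an added regression check (not from the report and not RegexKitLite's own code), this program feeds the two payloads above through the same replacement call in both orders and fails if either sanitized string loses its own Transaction Id or still contains the password. It assumes RegexKitLite.h/.m are in the project and that the target links against libicucore as RKL requires.

```objectivec
// Added regression check for the stale-result report; not part of RegexKitLite.
// Assumes RegexKitLite.h/.m are compiled into the target and -licucore is linked.
#import <Foundation/Foundation.h>
#import "RegexKitLite.h"

static NSString * const kPasswordRegex = @"<Password>(.*)</Password>";
static NSString * const kPasswordMask  = @"<Password>[Password]</Password>";

// Constructed payloads: identical apart from the Transaction Id attribute.
static NSString *payloadWithId(NSString *txId) {
    return [NSString stringWithFormat:
        @"<XMLPayRequest Timeout=\"45\" version=\"2.0\">\n"
        @"<RequestData>\n"
        @"<Transactions>\n"
        @"<Transaction Id=\"%@\">\n"
        @"<Password>sekrit</Password>\n", txId];
}

// The same masking call the report uses before strings reach the debug view.
static NSString *sanitize(NSString *unsafe) {
    return [unsafe stringByReplacingOccurrencesOfRegex:kPasswordRegex
                                            withString:kPasswordMask];
}

// Runs the sanitizer over the Ids in the given order. Returns NO if any
// result carries a different Id than its input (a stale result from the
// previous call) or still contains the cleartext password.
static BOOL sanitizerIsFresh(NSArray *idsInOrder) {
    for (NSString *txId in idsInOrder) {
        NSString *out = sanitize(payloadWithId(txId));
        NSString *expectedId = [NSString stringWithFormat:@"Id=\"%@\"", txId];
        if ([out rangeOfString:expectedId].location == NSNotFound) return NO;
        if ([out rangeOfString:@"sekrit"].location != NSNotFound) return NO;
    }
    return YES;
}

int main(int argc, const char *argv[]) {
    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
    NSArray *forward  = [NSArray arrayWithObjects:@"999999", @"000000", nil];
    NSArray *backward = [[forward reverseObjectEnumerator] allObjects];
    // The report sees the bug in both orders, so check both.
    BOOL ok = sanitizerIsFresh(forward) && sanitizerIsFresh(backward);
    NSLog(@"sanitizer %s", ok ? "OK" : "returned stale data");
    [pool drain];
    return ok ? 0 : 1;
}
```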

Discussion

  • Nathaniel Irons - 2009-09-19

    Reproducible test case

  • John Engelhart - 2009-11-04

    Fixed in RegexKitLite 3.2.

  • John Engelhart - 2009-11-04
    • status: open --> closed-fixed
