Does the client overwrite the decrypted keys (a) when the client "locks" after the specified period and (b) before the client exits?
Yes, looks like it does to me.
I recently found a bug in the unlocking code. If you ask it to unlock for too many seconds, it instantly relocks. I would suggest never using more than a 9 digit number of seconds to be on the same side.
As an example, try unlocking for 2^31 = 2147483648 seconds and it will instantly relock, but unlock for one less second than that and it works.
The same thing happens in Bitcoin Core, but only when you get up to around 2^63/1000 seconds, which is a much bigger number. I reported it here:
https://github.com/bitcoin/bitcoin/issues/12100