Having sensitive data in swap is no better than having it on a normal partition. If you employ encryption, you can do it the same way for both swap and regular file systems (you could even use random keys for /tmp and create the filesystem on boot), so nothing's gained (w.r.t. confidentiality) by using tmpfs for /tmp.
Regarding /var/tmp: A usual policy is to clean files older (mtime) than 7 days. AFAIR this has been default on Debian potato.

--
Temporary /tmp and /var/tmp
https://launchpad.net/bugs/18661
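
The 7-day mtime policy for /var/tmp mentioned in the message, sketched as an added example that is not part of the original message or of any Debian/Ubuntu tool. The function names `stale_files` and `clean` are hypothetical; the cleaner defaults to a dry run and never follows symlinks, since anyone can plant them in a world-writable directory.

```python
import os
import stat
import time

SECONDS_PER_DAY = 86400


def _lstat(path):
    """lstat that tolerates entries vanishing while we walk."""
    try:
        return os.lstat(path)
    except OSError:
        return None


def stale_files(root, max_age_days=7, now=None):
    """Return regular files under root with mtime older than max_age_days."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * SECONDS_PER_DAY
    root_dev = os.lstat(root).st_dev
    stale = []
    # followlinks=False: never descend through a symlinked directory.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Prune mount points so the walk stays on root's own filesystem.
        dirnames[:] = [d for d in dirnames
                       if (st := _lstat(os.path.join(dirpath, d)))
                       and st.st_dev == root_dev]
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = _lstat(path)
            # Only regular files qualify; symlinks, FIFOs and sockets are skipped.
            if st and stat.S_ISREG(st.st_mode) and st.st_mtime < cutoff:
                stale.append(path)
    return sorted(stale)


def clean(root, max_age_days=7, now=None, dry_run=True):
    """Report (dry_run=True) or unlink the stale files; return their paths."""
    handled = []
    for path in stale_files(root, max_age_days, now):
        if not dry_run:
            try:
                # unlink does not follow a symlink in the last path component.
                os.unlink(path)
            except FileNotFoundError:
                continue
        handled.append(path)
    return handled


if __name__ == "__main__":
    print("\n".join(clean("/var/tmp", max_age_days=7, dry_run=True)))
```

The gap between `lstat` and `unlink` is still a race on parent directories; a production cleaner would use `dir_fd`-relative calls to close it.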