Having sensitive data in swap is no better than having it on a normal partition. If you employ encryption, you can do it the same way for both swap and regular file systems (you could even use random keys for /tmp and create the filesystem on boot), so nothing's gained (w.r.t. confidentiality) by using tmpfs for /tmp.
Regarding /var/tmp: A usual policy is to clean files older (mtime) than 7 days. AFAIR this has been default on Debian potato.
Having sensitive data in swap is no better than having it on a normal partition. If you employ encryption, you can do it the same way for both swap and regular file systems (you could even use random keys for /tmp and create the filesystem on boot), so nothing's gained (w.r.t. confidentiality) by using tmpfs for /tmp.
Regarding /var/tmp: A usual policy is to clean files older (mtime) than 7 days. AFAIR this has been default on Debian potato.