Comment 3 for bug 1401454

Looks like no one cares about it. But I found a workaround. Digging through search engines and strings * |grep -i temp I found, that TEMP is mentioned somewhere in in the binaries. A short test shows, that following would be very helpful at least on Linux:

# cat /etc/profile.d/usertemp.sh
if [ ! -d /tmp/temp-$USER ]; then
        mkdir -m 700 /tmp/temp-$USER
fi
export TEMP=/tmp/temp-$USER

This script creates (if not already existing) a subdirectory in the /tmp folder with proper permissions and also adjusts the TEMP environment variable.

Now every attachement opened with thunderbird would be stored in /tmp/temp-$USER, no other user (except root) can see anything of the file name.