Regarding permissions: set it to 700. Of course, root can always read it, so don't decrypt anything unless you trust root enough.
`Secure folders': give them 700 too.
Secure deletion of temporary files: make a hard link to them (so they won't get unlinked by the creating program), wait for the refcount to go to 1, then shred(1) the file. Don't allow other users to tamper with the hard link, of course.
If the program unlinks the directory entry after creating the temporary file, you're screwed, though.
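
The hard-link procedure described above, as an added shell example that is not part of the original post. The function name `hold_and_shred`, its arguments and the `held.$$` link name are hypothetical; it assumes GNU coreutils (`stat -c`, `shred`) and a holding directory on the same filesystem as the temporary file.

```shell
#!/bin/sh
# Added example, not code from the original post. Names are hypothetical.
# Assumes GNU coreutils and that HOLD_DIR is on the same filesystem as FILE
# (hard links cannot cross filesystems).

# hold_and_shred FILE HOLD_DIR [TIMEOUT_SECONDS]
# Returns 0 once the data has been shredded, non-zero on error or timeout.
hold_and_shred() {
    file=$1
    hold_dir=$2
    timeout=${3:-60}

    # Private holding directory, mode 700, so other users cannot tamper
    # with the hard link. chmod also covers a directory that already existed.
    mkdir -p -m 700 "$hold_dir" || return 1
    chmod 700 "$hold_dir" || return 1

    link="$hold_dir/held.$$"
    # The extra link keeps the inode alive after the creating program
    # removes its own directory entry.
    ln "$file" "$link" || return 1

    waited=0
    # Link count 1 means our link is the only remaining name for the inode.
    while [ "$(stat -c %h "$link")" -gt 1 ]; do
        if [ "$waited" -ge "$timeout" ]; then
            return 1    # original name still exists; the link is left in place
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # Link count does not show open file descriptors: a process that still
    # has the file open can keep reading or writing it at this point.
    shred -u "$link"
}
```

The link has to be created while the program's directory entry still exists, which is the limitation the last sentence of the post points out.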