winscp is a very comfortable way of securely transferring files. Many thanks to the people who wrote it and posted it on the web. Great Software.
There seems to be one minor issue creating a local security-breach: the files that are downloaded are cached in the users TEMP-Dir during transfer.
This is a serious problem when using WinSCP on public computers, internet-cafes, university etc.
Only after transfer the file is copied to the target-directory.
This means that it is very difficult to securely get rid of the file later.
Secure deletion of the target copy is easy but then the cached copy is still there. This may means that anyone using the PC after me will be able to read my files, unless I 1. remember to delete the cached copy AND 2. know that it exists AND 3. know where to find it.
This is a trivial but rather annoying issue that actually got me to use commandline sftp instead of the otherwise very helpful WinSPC.
Therefore I believe that WinSCP should _always_ use the target-directory for caching.