The "Drag to save Mail attachments in Terminal" hint reveals a security hole in Mail.app for FileVault users. When you drag an email attachment from a Mail message window to a Finder window, a temporary file is created in the hidden directory /private -> var -> tmp -> folders.UID -> TemporaryItems -> com.apple.mail.drag, where UID is replaced by your numeric user ID. This copy of the attachment is not encrypted. The temporary file will be automatically deleted at the next startup, but anyone who has physical access to the machine before then can easily retrieve it. Even after the file is deleted, it may be recoverable with a low-level disk editor. This defeats the purpose of FileVault.
I confirmed that when you save an attachment by clicking the Save pop-up menu in the Mail message window, no temporary file is created. So anyone who uses FileVault security (or, like me, keeps their whole /Users directory on an encrypted disk image) should not drag attachments from a Mail window if privacy of those attachments is a concern.
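A check for leftover plaintext copies in the drag directory described above, as an added example that is not part of the original hint. The path layout is the one the hint gives; the function names and the optional base-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the Mail drag directory named in the hint for
# unencrypted attachment copies left outside the FileVault-protected home.
# Function names and the overridable base directory are hypothetical.

# Print the drag directory for a numeric user ID ($1).
# $2 optionally overrides the base, which defaults to /private/var/tmp.
mail_drag_dir() {
    printf '%s/folders.%s/TemporaryItems/com.apple.mail.drag\n' \
        "${2:-/private/var/tmp}" "$1"
}

# List leftover files, one per line; prints nothing if the directory is absent.
list_mail_drag_leftovers() {
    dir=$(mail_drag_dir "$1" "${2:-}")
    [ -d "$dir" ] || return 0
    find "$dir" -type f -print
}

# Count leftover files (emits one byte per file, so odd filenames are safe).
count_mail_drag_leftovers() {
    dir=$(mail_drag_dir "$1" "${2:-}")
    [ -d "$dir" ] || { echo 0; return 0; }
    find "$dir" -type f -exec printf . \; | wc -c | tr -d ' '
}

# Remove leftovers without waiting for the next startup. As the hint notes,
# a deleted file may still be recoverable with a low-level disk editor, so
# this shortens the exposure window but does not wipe the data.
purge_mail_drag_leftovers() {
    dir=$(mail_drag_dir "$1" "${2:-}")
    [ -d "$dir" ] || return 0
    find "$dir" -type f -exec rm -f {} +
}

# Report for the current user when the script is run as-is.
echo "Mail drag leftovers for uid $(id -u): $(count_mail_drag_leftovers "$(id -u)")"
```
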
Mac OS X Hints
http://hints.macworld.com/article.php?story=20061221082707265