Maybe there is some CPAN module for this, but I don't think you can do this securely in standard perl. In your own C/XS code you can at least be certain to override overwrite the memory locations.

Tk itself might also be problematic - this is probably true for all user interface code - say if you print to STDOUT you have no way of knowing all traces will be erased after your program is done with it.

In the end I think (on UNIX at least) you just can't protect yourself from the super user, but you'll be reasonably safe from other users by default as long as you don't write your data to accessible files / open X clients etc.