IIRC the Spotlight metadata is stored per-volume, so if you for example mount an encrypted DMG or external disk the metadata for files on that volume are stored on the same volume. This way you can have separate volumes for things with different classifications, and information doesn't leak from one to the other via Spotlight.
If you strongly need full privacy separation between contexts, set up a virtual machine for your confidential work, and encrypt that. Then you can monitor what crosses the security boundary yourself, and deleting the VM means the data and any possible fragments of that data generated by nosy operating system features are gone.
Side note: Check out Finder's advanced preferences for 'Empty Trash Securely'. Additionally, I believe the swap space is now encrypted by default on Lion (at least for laptops), even if you don't have full disk encryption enabled.