I have to admit to worrying about this a couple years ago when my personal desktop gave up the ghost. I had TurboTax documents on it and probably a bunch of other stuff I didn't want anyone to see (ok, I definitely did). My solution was to open up the system, remove the hard drive and then beat the drive to a pulp with a hammer. Neanderthalic, but effective - and oddly cathartic.
It's probably not reasonable to flatten every hard drive you retire from your enterprise - though I highly recommend leveling a few yourself. There's plenty of software out there that will wipe the drive and then write and rewrite bit patterns until you tell it to stop. Simply hitting the delete key is certainly not enough, and the more sensitive the data the more you should make sure that even the forensics folks can't read the drive. They're not all white hats.
Now this notion of seeing what you can find on used systems sold on eBay is another matter - of course no one reading this blog would troll for credit card numbers or other personal information, but maybe Rush Limbaugh could pony up a few mil for anyone who can find his old Oxycontin prescriptions... It's all good clean fun.