You should never, ever just generate a temporary file name, unless you’re going to write into a secure directory. A secure directory is one that no one else can write into (except root) and the same holds for all parent directories (or the sticky bit is set). Otherwise, you open yourself up to race attacks.

Temporary filenames in sticky directories (e.g., /tmp) are only safe to use as long as the file itself exists. Once the file is gone, the name isn’t usable either. Suitably paranoid code would check that the directory is sticky before creating the file and using the name.

In general, all of this means you should write code that never looks at, or cares about, the name of a temporary file. If you care about the name, you must be very careful. In those cases, it’s probably easiest to securely create a temporary directory, then create the files in there.

This code:
“mkstemp(dir=os.path.join(gettempdir(), ‘myscratchfiles’))“ is insecure because someone else could make myscratchfiles into a symlink. It could be used to write a temporary file into an attacker controlled place, which opens you to attack if you reuse the filename (i.e., close the descriptor and open the same name again). Likewise, your last paragraph is only safe because you use mkstemp and not one of the other functions.

The simplest way to ensure temporary files and directories get cleaned up is to just use tempfile.TemporaryFile where appropriate, or a context manager when not appropriate. If you’re finding management of temporary files difficult, then you’re most likely structuring your code incorrectly.

class cdinto(object):
def __enter__(…)
-> create the temp dir
def __exit__(…)
-> remove the leftovers

and wrapping the main with:
with cdinto() as tmp:
main()

Much easier;)