Yes, it is true that merely 'deleting' a file does not make it truly go away. The space is merely marked as available to be overwritten. The file is still there and completely readable, until it is actually overwritten with something else.
In fact... to be really, truly gone, those blocks on the hard drive must be overwritten multiple times.
There are good freeware programs out there that will do an NSA-quality job of fully deleting blocks. One is called "Eraser", and it is googlable. Eraser, and programs like it, will erase "free space" on the disk by writing random data and erasing it up to 27 or so times.
At that point... the stuff is gone.
I headed up a project in the early nineties to provide a disk declassification program for the Department of Defense. At the time I worked for a Fortune 500 company that made disk drives.
The problem we were trying to solve was that secure organizations could not get "exchange" mechanisms, because they had to send in the bad one that had classified data on it.
The software was eventually certified by the Department of Defense; however, it was largely unsuccessful because of the time it took to declassify a mech. We were dealing with 150 MB SCSI drives and it would take greater than 40 hours.
We also had access to the drive firmware, and part of the operation was doing a "write with offset". A write with offset mispositioned the heads by a quarter of a track on each side to overwrite residue fields that would be left over (that could still be read) during a normal write.
True, our stuff was approved for top secret, but it's not clear to me that any software you could buy to erase a drive today would work. At least to the standards we were held to.
In those days a mech's cost was over $1000, and it didn't pay to declassify a 150 MB mech. The best thing to do is to take a hammer to the mech's platters.