Secure /tmp /dev/shm /var/tmp ???

What can they be chmod to and still function for the apps that need to be able to write to them?
That depends entirely on what user the processes are executed as. The best solution would be to give each its own user account, make them the owner and disallow everyone else.
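An added example (not part of the original answer): a Python sketch of the layout the answer describes, where a directory is owned by one account with mode 0700 and an audit confirms nobody else has access. The function names and sample directories are assumptions made for illustration; assigning the directory to a separate service account would additionally need a chown performed as root.

```python
import os
import stat
import tempfile


def audit_private_dir(path, expected_uid):
    """Return findings for a directory meant to be usable by one account only."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    if stat.S_ISLNK(st.st_mode):
        return ["path is a symlink"]
    if not stat.S_ISDIR(st.st_mode):
        return ["path is not a directory"]
    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    # Any read/write/execute bit for group or other breaks "disallow everyone else".
    extra = stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
    if extra:
        findings.append(f"group/other bits set: {extra:03o}")
    return findings


def make_private_dir(path):
    """Create a directory owned by the calling account with mode 0700."""
    os.mkdir(path, 0o700)  # umask can only clear bits from this mode
    os.chmod(path, 0o700)  # set the mode exactly, independent of umask
    return path


def demo():
    """Build constructed sample directories and audit them."""
    base = tempfile.mkdtemp()
    me = os.getuid()
    private = make_private_dir(os.path.join(base, "app-a"))
    shared = os.path.join(base, "shared")  # constructed: world-writable with sticky bit
    os.mkdir(shared)
    os.chmod(shared, 0o1777)
    return (
        audit_private_dir(private, me),
        audit_private_dir(shared, me),
        audit_private_dir(private, me + 1),  # constructed: wrong expected owner
    )


if __name__ == "__main__":
    for result in demo():
        print(result)
```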