jdb:

My understanding is that this software actually over-writes the data on the hard disk, rather than merely deleting references to it in the directory. These days, with the hyper-high density of data employed, probably only a single re-write of data is necessary, although I was surprised when I heard that Bleachbit only did ONE re-write. https://en.wikipedia.org/wiki/BleachBit

Other than destruction, single pass is sufficient for routine end user purposes between end users. ie: hardware swapping, to wit (a) below. Suggestions otherwise need to involve a device still in common use and cite one of the following... For boring end users... a) the exact make model methodology of the test device that magically regrew said erased bits on its own. b) full business particulars including cost of the recovery service that recovered said erased bits, including make model of the test device. For the more tricky situations... c) survey of academic literature placing those academic solutions within time/money/favors of LEA (potentially operating under stingray type LEA secrecy contracts). d) they were an enemy of the state subjected to top secret recovery tools, time, and money that unavailable to LEA (who are essentially constrained to operate under (b or c) above). Lists seem to love to circlejerk about this while failing to provide whitepaper references and costs and threat models effective against hardware currently in use. When in doubt, encrypt by default and/or destroy.