Unless somebody's already put it there, I'm going to move these suggestions to a wishlist bug against systemd. Not sure if it should be one bug or a few, one for each suggestion.
Currently discussion about reaping /var/tmp/ is in https://bugs.debian.org/966621 and https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1870585 but these are discussing "should we turn on /var/tmp/ reaping" rather than "if we do turn it on, should we take measures to make it safer".
