I've heard lots of people saying the /tmp directory must be secured, such as with noexec and nosuid, but I'm not sure why.

/tmp is not the only directory in Linux. What's so special about it that it needs specific steps to secure it?

What I read from admin0:

"Almost all of the exploits found freely on the internet, accessible to the general public, target /tmp as an ideal place to write/compile exploits, and recently some new exploits target /var/tmp. Thus, securing your /tmp and /var/tmp is recommended!"

I thought if someone really intends to hack the server, he doesn't have to put his scripts in /tmp. Any directory should do, shouldn't it?



Thank you.
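Added example, not part of the original post: a shell check that reports whether /tmp and /var/tmp are mounted with the noexec and nosuid options mentioned above. The function names and the sample mount table are constructed for illustration; on a live host the input would be /proc/mounts.

```shell
# missing_opts MOUNTS_FILE DIR: print the options from the post (noexec,
# nosuid) that DIR lacks, or "not-a-mount" if DIR has no entry of its own.
missing_opts() {
    mounts_file=$1
    dir=$2
    # /proc/mounts fields: device mountpoint fstype options dump pass.
    # Keep the last match, since a later mount shadows an earlier one.
    opts=$(awk -v d="$dir" '$2 == d { o = $4 } END { print o }' "$mounts_file")
    if [ -z "$opts" ]; then
        echo "not-a-mount"
        return 0
    fi
    missing=""
    for want in noexec nosuid; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    echo "${missing# }"
}

# report MOUNTS_FILE: one status line each for /tmp and /var/tmp.
report() {
    for d in /tmp /var/tmp; do
        m=$(missing_opts "$1" "$d")
        case "$m" in
            "") echo "$d: ok" ;;
            not-a-mount) echo "$d: not a separate mount, inherits its parent's options" ;;
            *) echo "$d: missing $m" ;;
        esac
    done
}

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /var/tmp ext4 rw,nosuid,relatime 0 0
EOF

report "$SAMPLE"
# On a live system: report /proc/mounts
```

A directory reported as not a separate mount cannot be given its own options until it is placed on its own filesystem or bind-mounted onto itself.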