Although this article was posted years ago, I just came across it and it's still worth reading.
How can a program be exploitable by an attacker, even after it's been deleted?

The answer is given here.