Personally, I usually su to root (why not enable root if you are nuking the system anyhow?) and cp -pr the contents of the /bin directory to a new directory I create called /zzz in terminal.app. Since commands like rm generally run from 0-9 & a-z, the /zzz directory will likely be one of the last directories removed and thus run for much longer than if you run it from /bin. The rm command and it's dependencies will theoretically be some of the last files deleted from the disk. Anyhow, from there I run /zzz/rm -drf /* (or to be really thorough: rm -drfP, though it sometimes just dies with the P flag). You can do other variations, like rm -drf /*.* or whatever. Eventually, after a really long time, the system will just quit running and will be pretty tough for anyone to recover without some serious effort. Some folks like to boot off a Linux flash drive and just format over the whole disk or write out the contents of /dev/random to the disk, but that's a bit more involved sometimes.
You can also just go old school and use the manual zero method:
dd if=/dev/zero of=/dev/disk0s2 bs=1M
The dev/disk0s2 is whatever your boot disk is when you type df:
Filesystem 512-blocks Used Available Capacity Mounted on
/dev/disk0s2 235298960 123042408 111744552 53% /
devfs 370 370 0 100% /dev
map -hosts 0 0 0 100% /net
map auto_home 0 0 0 100% /home