Obviously, a recipient could make a copy of the note upon receipt, so sending notes that self-destruct requires that the sender trusts the receiver. Let us assume, then, that the sender does trust the receiver. To securely send a self-destructing message, the following must be true:
privnote fails #2. It also appears to fail #3 because I don't see it offering an adequate solution to the problem of browser caching and disk overwriting on the recipient's side.
Meeting all 3 criteria isn't easy, and while I applaud the folks at privnote for trying, this kind of problem cannot be adequately solved with any cloud-based approaches. The sender and the receiver must be the sole owners of the private key or keys being used to perform the exchange.
A method that meets all 3 criteria is to have sender and recipient agree, face to face, on a strong password that becomes a shared symmetric key used to encrypt and decrypt their communications. The sender types their message into a text file and encrypts it using something like PGP, and emails the encrypted file (or leaves it in some drop location - or uses privnote to transfer a base-64 encoded version of the encrypted message) to the recipient. Then the sender scrubs their drive using the unused-space scrubber of their choice. The recipient receives the message, decrypts it using the agreed-upon symmetric key, and performs a similar scrubbing. No intermediary ever sees an unencrypted version of the message.