If it is needed, then it needs to be designed in. Properly, with well-understood version control and security (arguably this should be done in user space). And if it *isn't* (whether filesystem-wide or per-file), the OS should be able to scrunge a file from the media beyond any reasonable hope of recovery. What we *don't* want is the DOS/FAT style of "well, you might get it back if you're lucky and buy this add-on utility".
One of the problems with letting the device firmware handle this is just how effectively a deleted block has been deleted. If the OS has access to the raw hardware, then the user actually gets to control the precise level of undeleteability, which strikes me as being what we want.