I had a bigt discussion about this not very long ago with a client we were destroying some disks for. He had read something along similar lines (one pass is fine).
I agree: 1 pass will tend to hide a lot of stuff. But when I did a quick example and showed him us recovering SAM files (windows password files) from one of his HDD's containing the MSCACHE hashes of several employees on his Windows Domain he was convinced
(edit: of course that was a lucky break - and you do have to crack the passwords too - but we got some contact info and other document segments too :)).
