Currently if a user logs out of a site and then someone on that computer hits the back button they can see any page and all private data on those pages.

There's #1912514: Using the back button after logging out shows you pages from the authenticated user's session to consider how to fix this for core.

Paranoia should allow admins to specify a list of paths and, if a page is on those paths, add a header:

 drupal_add_http_header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate, post-check=0, pre-check=0');