Slightly offtopic, but a common exploit(?) I frequently see with Linux desktop environments is a few seconds where the user's live desktop is displayed after resuming from standby, before the logon screen comes up. Not exactly a case of obtaining control of one's computer, but could be effectively used through repetition to transcribe any sensitive content that may have been onscreen.
It always struck me as a very strange phenomenon to occur given the apparent security superiority of Linux in contrast to Windows. Perhaps that's an antiquated notion now, given modern distros that prioritise form-over-function more than they used to?
Linux screen lockers are somewhat notorious for security-ish bugs like that. There's a project called XSecureLock that aims to address some of those, although I'm not sure if it fixes (or can fix) the restore-ram type bug you detailed.