From a legal standpoint, You can only get away with so much. If the RIAA hypothetically scan your pc and you have mp3's on there then, they used to sent a letter to your ISP first. Whether they do that now, might be different now.
If a song shows up on a search that has your IP, and its out there, and its the first time its showed up on there scans, then you may only get a first time warning. However if it repeatedly shows then, you might be liable for posting copyright material onto the internet. The industry knows that most people now a days do not want to spend a lot of money for a crummy cd with 1 or 2 good songs on it.
and yes data recovery from a harddrive is expensive, it is possible, just from the fragments that are still there after you delete something off. The only way to insure there is no recovery data is to destroy the harddrive. Some of the material can still be there after a format. When I say destroy it, I mean as in wiping the drive initially, sitting a magnet on or near it, then putting it on a drill press and putting 6 holes alway the way through it. I had to do that at a government project before. There is no way afterward to get anything off the drive.
Did the RIAA hypothetically send a IM to you telling you that you know are sharing by the way???