Well, sure, if you run Knoppix off the CD everything happens in the RAM (physical RAM, not swap space on the HDD) so once you switch off the box it's all gone.
Spyware? I wouldn't worry about that. I don't know about any piece of software that's loaded with spyware in Linux.
However, running off a read-only medium indeed is a great security measure. For the network I maintain at work we have the firewall run off a write protected usb stick (we used to use CD-RWs but then you had to burn the CD all over again when you wanted to change a single config line). Log files are send to a remote log host, the only user's home dir is on a ram disk (this probably isn't neccessary but makes it easier to install updates and stuff). This greatly enhances security cause nobody can do things like install rootkits or trojan horses. You can still manipulate things in the cache (iptables rules for instance) but you can be 100% sure that after a reboot the system is in exactly the state you configured it.