
Is it possible to access variables in frontend memory?


If I have some code that runs when a user lands on my page, such as const num = Math.random().

Is it possible for the user of the website to access the value of that variable, given that it is now in memory on their local machine? Should it generally be assumed that data in memory on the client is no longer secure?


Solution

  • Yes. The user can open the developer tools and put a breakpoint in the code after that assignment happens and inspect the value there.

    If the value is stored in a global, persistent variable, then they could examine it from the console at any time.

    EDIT: not only can the user see the value, they can change the value as well. This is why you can never trust any client data sent to your server code, even if that data was generated by your JS code. The user could have modified it before it was sent.
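The answer's last point, shown from the server's side, as an added example that is not part of the original answer: the server generates the value itself and attaches an HMAC tag, so the user can still read the value in the browser but cannot change it without the server noticing. This is a Node.js sketch; the function names `issueValue` and `acceptSubmission`, the payload layout and the 60-second lifetime are assumptions made for the illustration.

```javascript
// Added example (Node.js); issueValue/acceptSubmission are hypothetical names.
const crypto = require("node:crypto");

// Server-only secret. It never leaves the server, so the browser cannot forge tags.
const SERVER_KEY = crypto.randomBytes(32);

function sign(payload) {
  return crypto.createHmac("sha256", SERVER_KEY).update(payload).digest("hex");
}

// The server picks the number instead of the page's client-side Math.random().
// The payload is readable by the user; the tag only makes changes detectable.
function issueValue() {
  const num = crypto.randomInt(0, 1000000);
  const payload = JSON.stringify({ num, iat: Date.now() });
  return { payload, tag: sign(payload) };
}

// Runs when the browser sends the value back. Every field of `msg` is
// untrusted input, so shape, tag and age are checked before the value is used.
// Returns the number on success, or null if the submission is rejected.
function acceptSubmission(msg, maxAgeMs = 60000) {
  if (typeof msg?.payload !== "string" || typeof msg?.tag !== "string") return null;

  const expected = Buffer.from(sign(msg.payload), "hex");
  const given = Buffer.from(msg.tag, "hex");
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;

  // The tag matched, so the payload is exactly what the server issued.
  const { num, iat } = JSON.parse(msg.payload);
  if (Date.now() - iat > maxAgeMs) return null; // too old to accept
  return num;
}
```

A valid payload can still be replayed until it expires; if each value must be accepted only once, keep the issued values in server-side storage and delete them on first use.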