That's a good point. I think only on virtual models of the Tor network. No live hidden service has been identified through technical attack on the Tor network. Yes, all these attacks are theoretical, but you gotta figure that there will be a first time for at least one of them. You should never bet your security on the incompetence of your adversary. Anyway, it wounds like an interesting project and I'll definitely be keeping up on it. BTW, all the research on onion routing (attacks, mitigation, protocol obfuscation, etc) is listed here http://freehaven.net/anonbib/date.html