The nice thing about SR's design is that it requires almost zero trust in the admins. If you PGP encrypt your address, it won't matter if the database containing shipping info is compromised. The only point at which you must trust SR is when you transfer coins to your account. You trust that they will credit your account and hold your money in escrow. Vendors trust that the coins will be transferred to them. Everything else, including obtaining the coins, can be secured independently of SR. I know that in practice that isn't the case. 80% of buyers don't encrypt their address. Most people think that sending coins through a few ewallets unlinks them from SR. We can't prevent all unsafe behavior, but we have the tools to engage in safe behavior, almost completely independently from SR.