Surprisingly few people PGP-encrypt their addresses. I've seen vendors quote numbers ranging from 50% to 95% of their customers not encrypting their addresses, with a median probably around 80%. We have a biased view, since most SR users are not on the forum. The people who register and post on this forum are going to be more engaged and proactive about their security, and that's even more true of people who post in the Security section. Some SR users are incredibly lax with their security, using regular browsers to access SR over clearnet, through Tor in-proxies like onion.to. They probably have no security in their bitcoin practices either, sending BTC straight from exchanges (linked to their identities) to their SR addresses.

Anyone who compromises the server. It would most likely be a big three-letter agency, but it could be hackers who then use that information to blackmail people.

It means either that the SR server uses full disk encryption, or the data is encrypted in the database. The problem is that an adversary who gains physical control of the server may be able to steal the encryption key from RAM and get access to all the data.

The way I view encrypting my address, it's like wearing a seat belt. I may not get in a car accident in the next month or the next year, but in the unlikely event that I do, having a seat belt on could be incredibly important. And it costs me nothing to wear a seat belt, so I wear one every time I'm in a car. The SR server may not be compromised any time soon, but if it ever is, the people with plaintext addresses will be the low-hanging fruit that LE will go after first, especially if they have large outstanding orders. Encrypting your address costs you almost nothing -- maybe 30 seconds of your time -- so you should encrypt your address every time.