The risk is that key servers log IP addresses, like 99.9% servers on the inernet. So if you are a vendor and you upload your key over clearnet and tell everyone to get your key from that key server, then LE can go to the server operators and ask which IP that specific request came from. Even if the vendor used a proxy, LE could enumerate some of his buyers by looking at which IPs have been retrieving the key. You can configure some PGP clients to use proxies. In fact, you can configure them to connect over Tor if you use an HTTP proxy to forward to Tor's SOCKS port, but there's way too much risk of fucking up for the average person to do that. You should do not use key servers for any SR related activity. Vendors should never use key servers, and therefore buyers have no reason to use them, as they shouldn't.