I'm really worried about vendors, some of whom used Tormail daily. A couple things to note about this: 1. If you used PGP, the content of your emails is safe, but the metadata -- who you emailed and when -- is in the hands of the FBI. 2. If you used a desktop email client like Thunderbird, you would not have been exposed to the JavaScript exploit (assuming you also didn't visit other FH sites), and old emails would not be on the server. If you visited FH or the Tormail web interface recently, and you were on Windows and had JavaScript enabled, and you are a large vendor, you should assume that you have been compromised and take proper security precautions. Most importantly, don't keep any drugs in your house.