So if I'm reading the reports correctly, the JavaScript exploit was only live for a few days, after they seized the FH server. That means they must have identified it some way (I thought they hacked the server to add the exploit). That is worrying, but I think it's still more likely they used application level exploits to identify Tormail and/or FH, rather than an attack on the Tor network.