The application layer attack that we witnessed is much worse than any network layer attack that we know about. All of the network layer attacks against hidden service users are statistical attacks that identify a random sample of users (although one could argue it's not completely random if technically savvy people mitigate it while less savvy people don't). If LE hacked the SR server and distributed a similar exploit, they could correlate IP addresses with specific users, because they would serve cookies to people who are logged into their accounts. So they wouldn't have to waste time investigating OzFreelancer or somebody who has never made a purchase. They could directly correlate IP addresses to the top vendors. That's why it's much more dangerous, and top vendors absolutely must protect themselves with more secure setups than TBB on Windows.