i think we should all assume sr is already rooted and use our own defenses against it... technically u should be able to use sr without ever leaking personal information to sr itself. gpg + tor isolated vms etc.