I would hope that the web server is in some sort of jail and doesn't have any ability to send data outside of Tor (or to know any external IP addresses associated with the server).....but I doubt that this is the case  anyway your paranoia alert was stupid because it pretty much boils down to "let's say a vulnerability is found and somebody exploits it!!!" well no shit sherlock ;P lets say that the earth blows up suddenly oh noez we r all ded  SR really should be changing server location frequently though. I think that is the single biggest thing that he could do for the security of this site and the people that use it. Feds gon trace a hidden service eventually if they have not yet figured out how to do it (which kind of amazes me), but the process is going to take time...so the best thing is to constantly be changing servers location in the hopes that you change server location faster than the feds can trace a hidden service. But everyone knows if you just leave a Tor hidden server in one spot that eventually it is going to be traced.