CP is completely irrelevant to this conversation; the point I was making is simply that feds can sometimes hack into hidden services. You have three options:

1. Trust the security of the server and trust the operators of the server (the server is almost certainly weak to being penetrated in some way, humans are fallible)
2. Trust the security of privnote and the operators of privnote (privnote is very weak to MITM, the operators could use bugged JavaScript, etc.)
3. Trust the mathematics of RSA, which have been subjected to vigorous peer review and determined to be secure

Take your pick, but I personally will be going with 3. The vendor storing your information or not is completely irrelevant to the security of how you transfer your information to the vendor. If you want to be really secure, use fake ID boxes or other boxes that cannot be linked to you, and switch them up periodically, or especially if you think a vendor was busted.