1. Human error. Including not using GPG to encrypt your address. 2. Massive state level SIGINT agency traffic analysis 3. Hackers 4. Lack of anonymizing Bitcoin enough 5. Random interceptions Human error is certainly a weak part of SR. Lots of users don't even encrypt their addresses I hear. But this is fine by itself, up to the point that the server is seized, pwnt by hackers, or the admins are busted. So it is hard to say it is the weakest part of SR, since before it manifests itself as a weakness another issue will need to trigger it. Massive traffic analysis by NSA and similar agencies is a big concern and there is a lot of worry that these attackers can deanonymize most Tor users. If they actually feed the intelligence to the feds, that is somewhat of a different question, although I am not as optimistic as I once was. Hackers are a real threat as well and it is hard to say they are less of a threat than SIGINT agencies. Even though a global external attacker is near a death blow against SR, it might be that we actually have more to worry about from hackers. Random interceptions are always a threat as well, but they happen rarely without some other form of intelligence pointing to the package or individual. It is really hard to say which of these is the greatest threat to SR, but together they are the primary threats to keep in mind.