Sending the shipping address through other channels decentralizes the whole thing because LE would have to get access to both channels to know that you ordered something illegal and to get your shipping address.I am not familiar with TorPM but you should consider that for cryptographic applications only open source software can be assumed as secure because of the high risk of backdoors in closed source applications (a famous example is hushmail which was wrongly considered as safe by many people back in the days).