I would rate its security somewhere between sending a plain text e-mail and sending a GPG encrypted e-mail, leaning heavily towards the plain text side! I have to confess though I do use Privnote to protect the mailing addresses I use for my customers to send cash in exchange for Bitcoins as many of them are new to cryptography and haven't yet mastered GPG - as such I do worry more about the information remaining on their hard drives if sent in an e-mail as opposed to being removed from the site after a certain amount of time.As you say this doesn't protect you from man in the middle attacks, even though Privnote do use SSL and also there's a risk that after the note is deleted it could still be recovered by Privnote themselves and handed to LEO.Of course you would still need the corresponding message containing the Privnote link to demonstrate context e.g that a person had uploaded their address specifically to receive illegal drugs, and not just to receive a CD but I agree it's something of a risk and could in itself prompt further investigation.In an ideal world, everyone would master GPG and we'd have no need of such sites!V.