Topic: How can My Wallet be made more auditable?
gmaxwell
December 20, 2012, 01:11:55 AM
Last edit: December 20, 2012, 01:44:43 AM by gmaxwell
 #21

Thanks, but…

That doesn't really answer what I was saying... The site has the secret: otherwise it couldn't use it for notifications.  Okay, so supposedly the admins don't have access to it now—  but the same could have been accomplished all along by not creating a webform specifically for people to query by address or (if they have database access) denying them access to the relevant table/column. So I'm still not seeing how the hash added something material. Perhaps better than not, but it's really unrelated to the central issue of creating a whole user interface to query by something that many people believed wasn't even queryable by the site operator.

The only way I can see to secure this mapping is with the help of a third party.  Here is how that would work: the user would encrypt their private info with a random key and give it to blockchain.info. Blockchain.info would return a random ID for that blob.  They'd take every address and, for each address, make a message Encrypt_to_thirdparty(address,Encrypt_to_blockchain(blobID||randomkey||nonce)) and give it to blockchain.info.  Blockchain would queue up and mix a bunch of these from many users, and pass them to the third party, who could decrypt them and watch for transactions. As transactions come in, they'd send a batch of encrypted blob IDs per block to blockchain. Blockchain would decrypt, and then decrypt the addresses and send out notices.

This would: completely hide the private info from blockchain in the event that no notice is sent, make it easy for blockchain to not keep decrypted private info around accidentally, and obscure the connection between addresses and personal info from everyone unless blockchain and the third party cooperate. It would thoroughly hide the connection between addresses in a wallet.  But if blockchain was analyzing when certain IDs got notified, they could eventually map out which was which— though someone watching their outbound email could too. It would have the downside of introducing points of failure and probably isn't worth the complexity. The third party would learn which addresses are being watched by blockchain users. But it would be an improvement in a way the hash is not.
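
The message flow proposed in the post above, as an added Python sketch that is not part of the original post or any code from blockchain.info. All function names are hypothetical, and the public-key step is a minimal unauthenticated hashed-ElGamal stand-in built from the standard library so the block runs offline; a real deployment would use a vetted sealed-box or ECIES construction.

```python
import hashlib, json, secrets
# Added illustration: function names and the toy cipher are assumptions, not the site's code.
P, G = 2**255 - 19, 2  # toy group for the stand-in cipher, not production parameters

def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def xor_stream(secret: bytes, data: bytes) -> bytes:
    ks = hashlib.shake_256(secret).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(pk: int, msg: bytes) -> str:
    # Stand-in for Encrypt_to_X(): fresh randomness per call, so tokens are unlinkable.
    r = secrets.randbelow(P - 2) + 1
    shared = pow(pk, r, P).to_bytes(32, "big")
    return json.dumps([pow(G, r, P), xor_stream(shared, msg).hex()])

def unseal(sk: int, box: str) -> bytes:
    c1, body = json.loads(box)
    return xor_stream(pow(c1, sk, P).to_bytes(32, "big"), bytes.fromhex(body))

def user_register(contact, addresses, bc_pk, tp_pk, blob_store):
    key = secrets.token_bytes(32)
    blob_id = secrets.token_hex(8)  # simulates the random ID the site returns
    blob_store[blob_id] = xor_stream(key, contact.encode())  # site holds ciphertext only
    out = []
    for addr in addresses:
        inner = seal(bc_pk, json.dumps([blob_id, key.hex(), secrets.token_hex(8)]).encode())
        out.append(seal(tp_pk, json.dumps([addr, inner]).encode()))
    return out

def site_mix(*batches):
    # The site pools submissions from many users and shuffles before forwarding.
    pool = [m for b in batches for m in b]
    return secrets.SystemRandom().sample(pool, len(pool))

def third_party_ingest(tp_sk, mixed_batch):
    # Third party learns watched addresses, but only opaque tokens for who watches them.
    watch = {}
    for box in mixed_batch:
        addr, inner = json.loads(unseal(tp_sk, box))
        watch.setdefault(addr, []).append(inner)
    return watch

def third_party_on_block(watch, block_addresses):
    return [tok for a in block_addresses for tok in watch.get(a, [])]

def site_notify(bc_sk, blob_store, tokens):
    opened = [json.loads(unseal(bc_sk, t)) for t in tokens]
    return [xor_stream(bytes.fromhex(k), blob_store[i]).decode() for i, k, _nonce in opened]
```

The site only recovers a contact when the third party hands back a token for an address seen in a block, which is also the point at which the timing correlation mentioned in the post becomes possible.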