Exactly, it is not even difficult to do and just not doing it in public (making people aware of the fact that it can be done) does NOT mean in any way that it won't be done in private. Proper blockchain analysis tools would for example have shown pirateat40s scams much earlier or even prevented them.
Bitcoin is not anonymous (even though a lot of people act like it is) and this is increasingly becoming a problem. As said, unless there are proper tools out there that demonstrate to anyone how easily their payment to Wikileaks
can be has been traced (this has been done YEARS ago!) there won't be much incentive to make Bitcoin more secure against deanonymisation.
Even ignoring the case that 2 TXINs does not 100% mean that 1 person owns both addresses, just looking at clusters like "Bitstamp customers" or "MtGox customers" will probably have much more data inherent than some people might expect.
Thanks for the link by the way, I took another look at neo4j because of it. Unfortunately there still seems to be no real way for time-coded data in there (I found
https://github.com/ccattuto/neo4j-dynagraph/wiki/Representing-time-dependent-graphs-in-Neo4j which maybe even has been used in this project...) which is a pity - a lot of data is strongly time dependent.