I had posted on the forum 5 or 6 months ago about how to make the client harder to detect. (I can't remember the title of the post atm.) So allow me to reiterate:
The post involved making the Bitcoin client select a random port to bind to and not offering a handshake upon connecting to it. Make the connecting party send the handshake. This would improve privacy a LOT.
An attacker would connect to some random port on your computer and get dead air. A valid Bitcoin client connecting to your computer would *send* a handshake to invoke a response from your computer. (Why should it volunteer to identify itself? lol?)
I also think that the Bitcoin clients should emulate what TOR has recently done (as of 3-4 versions ago). TOR's bridge system spoofs the SSL to look like Firefox connecting to Apache.
Bitcoin should do the same.
If the Bitcoin clients just looked like thousands and thousands of Firefox browsers connecting to Apaches on random port numbers it would make a passive attack (DPI) a waste of time.
The only vector for attack at this point would be someone running a valid node and looking at the IP seed files. If you are in a country where running Bitcoin is illegal you should be running Bitcoin over TOR (or some other onion/garlic network) or not running it at all.