It would be more accurate to say that the functionality offered by SharedCoin could be compromised by determined actors with time and money, as it was never intended to provide anonymity as implemented by blockchain.info. ~ a story on it ran some time ago (June of 2014) and was widely circulated based on the coindesk article below which is accurate in its summary:
http://www.coindesk.com/blockchains-sharedcoin-users-can-identified-says-security-expert/A few important points to note, though:
1) blockchain.info began its SharedCoin implementation (as announced to the public) November 17 of 2013,
2) the Kristov Atlas advisory detailing how a vulnerability could occur was released about it on June 9, 2014,
3) the coindesk article which further increased awareness of it was released on June 10, 2014.
4) the company (blockchain.info) never claimed the implementation would provide anonymity (it was offered as a privacy measure), but as part of the coindesk article, stated that "anyone with sufficient time, money, motivation and computing power could correlate transaction outputs and inputs"
5) Finally, let's assume someone is using a stealth send as described below,
https://github.com/spesmilo/electrum/pull/817and also using the plugin described in this thread as shown below to do a mix which connects to blockchain.info
https://github.com/tkhaew/electrum/blob/mixer_plugin/plugins/mixer.pythen it would be safe to say that in such a case the logical thing to request would be exactly what the author of the plugin has already suggested: a security audit.
(I've also suggested adding a readme for ease of use as per my prior comment.)
6) Finally it may be good to add in notes for the plugin that it is a privacy measure and not an anonymity measure by itself, but I suspect that there would be always some debate as to the wording no matter how it would be written.