Board: Development & Technical Discussion
Re: coin mixing using Chaum's blind signatures
by BlindMixerDR on 31/03/2013, 20:29:25 UTC
There's a limit to RSA blind signatures - if someone signs a bunch of small prime numbers, then multiplying these together yields a valid signature on the product. Collect enough factors and you can sign anything. So, if too many blind signatures are made, it effectively leaks the signing key. Thus, the signing key needs to be changed each time, and you can only mix a limited number per batch.
I am currently finishing building a mixer that works on this principle, with RSA. This point by Ari is the only insecure thing to be resolved. But every blind signature requires the user to send some bitcoins first. And these bitcoins are not redeemable if the user asks for a blind signature on a small prime number.
Therefore, the only issue is how many unredeemed blind signatures it is safe to leave. When this number is reached, the mixer must change the blind-signing key.

An alternative is to make a pool of blind-signing keys and select one at random for each blind signature. This adds complexity.
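An added example, in Python, of the approach this post describes (it is not the poster's code, nor any real mixer's): an RSA blind-signature issuer that counts signatures issued but not yet redeemed under the current key and switches to a fresh key once that count reaches a configured limit. It also keeps the public keys of retired epochs so that tokens issued before a key change remain redeemable, and it refuses double redemption. The key sizes, the threshold and the sample payout strings are constructed for the demo and far too small for real use; `BlindSigner`, `blind`, `unblind`, `verify` and `demo` are names assumed here.

```python
"""Added example: RSA blind signatures with a bounded number of unredeemed
signatures per key epoch. Demo-sized keys and constructed inputs only."""
import secrets
from hashlib import sha256
from math import gcd


def is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test (good enough for a demo key generator)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def generate_rsa_key(bits=128):
    """Toy RSA key (demo size only): returns (n, e, d)."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this is gcd(e, phi) == 1
            return p * q, e, pow(e, -1, phi)


def message_to_int(n, message):
    """Client side: hash the payout message into Z_n; the signer never sees it."""
    return int.from_bytes(sha256(message).digest(), "big") % n


def blind(n, e, m):
    """Client side: multiply m by r^e for a random r coprime to n; return (blinded, r)."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            return (m * pow(r, e, n)) % n, r


def unblind(n, blinded_sig, r):
    """Client side: strip the blinding factor to obtain the signature on m."""
    return (blinded_sig * pow(r, -1, n)) % n


def verify(n, e, m, sig):
    return pow(sig, e, n) == m


class BlindSigner:
    """Issues blind signatures and rotates the key when too many are unredeemed."""

    def __init__(self, max_outstanding, key_bits=128):
        self.max_outstanding = max_outstanding  # the bound the post leaves open
        self.key_bits = key_bits
        self.keys = {}        # epoch -> (n, e, d); retired keys kept for redemption
        self.epoch = 0
        self.outstanding = 0  # issued minus redeemed under the current key
        self.spent = set()    # (epoch, sig) pairs already redeemed
        self._rotate()

    def _rotate(self):
        self.epoch += 1
        self.keys[self.epoch] = generate_rsa_key(self.key_bits)
        self.outstanding = 0

    def public_key(self):
        n, e, _ = self.keys[self.epoch]
        return self.epoch, n, e

    def sign_blinded(self, epoch, blinded):
        """Sign with the current key only (called once the deposit has arrived)."""
        if epoch != self.epoch:
            raise ValueError("stale key epoch; fetch the current public key")
        n, _, d = self.keys[epoch]
        sig = pow(blinded, d, n)
        self.outstanding += 1
        if self.outstanding >= self.max_outstanding:
            self._rotate()  # limit of unredeemed signatures reached: retire this key
        return sig

    def redeem(self, epoch, message, sig):
        """Accept a valid, unspent token; True once, False on replay or tampering."""
        if epoch not in self.keys or (epoch, sig) in self.spent:
            return False
        n, e, _ = self.keys[epoch]
        if not verify(n, e, message_to_int(n, message), sig):
            return False
        self.spent.add((epoch, sig))
        if epoch == self.epoch:
            self.outstanding -= 1
        return True


def demo(max_outstanding=3):
    """One redeemed token, then enough unredeemed ones to force a key change."""
    signer = BlindSigner(max_outstanding)
    epoch, n, e = signer.public_key()
    payout = b"constructed payout output #1"
    blinded, r = blind(n, e, message_to_int(n, payout))
    token = unblind(n, signer.sign_blinded(epoch, blinded), r)
    for i in range(max_outstanding):  # leave these unredeemed
        ep, n_i, e_i = signer.public_key()
        b_i, _ = blind(n_i, e_i, message_to_int(n_i, b"constructed unredeemed %d" % i))
        signer.sign_blinded(ep, b_i)
    try:
        signer.sign_blinded(epoch, blinded)
        stale_rejected = False
    except ValueError:
        stale_rejected = True
    return {
        "epoch_after": signer.epoch,
        "old_token_ok": signer.redeem(epoch, payout, token),
        "replay_ok": signer.redeem(epoch, payout, token),
        "tampered_ok": signer.redeem(epoch, b"constructed other output", token),
        "stale_epoch_rejected": stale_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The counter only enforces whatever limit the operator chooses; it does not decide what that limit should be, which is the open question in the post. Note that the signer retires the key as soon as the bound is reached, so a client holding the previous epoch's public key must fetch the new one before asking for another signature, while tokens already issued under the old key still redeem.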