... every experienced programmer/user knows that with java script the programmer/administrator could steal your cookies (from any website) and forcing users to perform actions that they did not intend (IP LEAKING?! and much more) very unsafe for a mixing service.
I'm assuming you actually mean... "very unsafe for USERS of a mixing service"But my question would be, why would the programmer/administrator need to steal cookies from users? The users are voluntarily giving them BTC... Who cares about some IP addresses and cookies when you can just wait until you get given a bunch of BTC and walk away... why hack your own JS?
I see that the other site utilises PHP... a quick perusal of google using words like "php" and "vulnerability" cough up an awful lot of pages regarding security flaws in PHP... just like there are many ones about JS... At the end of the day, you are putting faith in any 3rd Party service that they have used appropriate methods to secure their systems, regardless of the systems in use. Using the "safest" system in the world isn't any good if you leave the door unlocked
Also, while it is a great show that they've put 10 BTC in escrow... aside from the word of the mixer admins and the escrowing party, is there any real way for them to actually prove that they are actually independent of each other and they're not best friends (or the same persons)?
#foodForThought