I have been following this thread.  I think that the issue that Chaeplin is trying to tell you about is that XC id dependent on trusting the XNODE operator.  Because the XNODE is, in effect, scrubbing the link between sender and receiver, the XNODE has access to the senders private key, and therefore, can steal the coins.

This is a huge problem, and why people keep inquiring whether the anon is trusted (how XNODEs work) or trustless.