It's not hard to imagine how this would be connected with the transactions a person makes just due to the timings of the requests.
Running armory doesn't necessarily mean that you are performing transactions, so i don't think any connections can be made by that.
Sure they can.
You know that the user won't be making transactions when the application is
closed, so you can start to eliminate transactions on the chain which couldn't possibly have been theirs. Armory doesn't use compressed point pubkeys, and does not reuse addresses which you can use to further filter the transactions you see. With the last two features alone you can eliminate a large portion of all transactions in each block as being not possibly being made by Armory.
Having 32 bits of the home folder hash is actually pretty devastating to your privacy as well. Within that space you could search bitcointalk user names for example with only a 1 in 4 billion chance of a false positive per attempt. I'd bet on a lot of people having user names that very much match with their bitcointalk ones.