Although you do not have a wallet on torwallet.net, hacking of torwallet.net will expose the secret code, and thus the balance of the accounts of those who use torwallet.net.
It is impossible for google or anyone else to find the link to a TORwallet unless it has been posted somewhere. Those instawallet links were most likely indexed by google visiting instawallet.org and being redirected to a new wallet.
We are working on adding an optional password field to the site. We are waiting for our developer to get back from vacation.
Hacking of torwallet.net will expose absolutely nothing.
https://torwallet.net is nothing more than a proxy, and actually has more in common with a port forward in your router. It doesn't even understand http and does nothing more than pipe data through tor.
In fact, here is the command we use.
socat openssl-listen:443,fork,reuseaddr,su=nobody socks4a:127.0.0.1:nci2szjrwjqw2zbi.onion:80,socksport=9050
Hacking of nci2szjrwjqw2zbi.onion would reveal current balances, however the attack surface is limited to a single port.
Therefore, anyone who knows the code "c85f0c2c53.............." can redeem all coins in my wallet.
A hacker can obtain the private key of torwallet.net's certificate, and he will learn the code "c85f0c2c53.............."