I just heard that if the private_key file of your hidden service would have gotten in the hands of an attacker, he could have located your hidden service just like that. I just wonder how that can be done, since it's just a file with encrypted code in it.