It does make me feel good to see a GNU project like this out there - at the core of the free world IMO, the bits of glue which get our society running, it should really be all open-source and open licenses.
My understanding is that exchanges would do their due diligence before exchanging your fiat for tokens, and separately shops may do due diligance if necessary before accepting your tokens; the exchange does not know that you performed a transaction at this shop, and the shop does not know with whom you exchange, but both those relationships have separately done due diligence.
In particular I don't believe there could be a such thing as a "darknet shop" or "darknet exchange" using Taler. If any one entity is not following regulations, it should be possible to track them down and subject them to the law. If a merchant isn't following regulations, then they can't redeem their tokens to fiat at the exchange. If the exchange isn't following regulations, then the auditor/government shuts them down.
 not sure about this one
Plus shops will usually have more information: email/address etc.
If they're converting to physical goods, they also have to be sending them somewhere - which is much harder to anonymize.