That is, assuming you don't go for some NSA parallel construction thing. But if that's the case, it will probably become clear after a couple more site busts.
Whoever does this next will know how much of a risk they're at, and will probably take appropriate steps to protect their real identity from day 1.
It sounds like they need to harden the server better too. Not just the code base and platform, but even configuring things such that whatever OS the site is hosted on can only see the outside world through Tor.