Isn't it entirely unsurprising that those running a highly privacy-oriented service would themselves be rather mysterious?

All it takes is an unattended machine for someone to boot another os on and grab the file

If you're going to the trouble of using a VPN, that is not a very likely scenario, and ditto for other users(!) on your machine.