I agree, it's always great to see developers working towards improving privacy and security within cryptocurrency applications. Samourai Wallet has been a leader in this space for quite some time, and their integration of features such as coin mixing has made them one of the most popular options for privacy-conscious users.
Regarding your point on Tor being off by default, while I can understand the concern, I think it's important to remember that Tor usage can have significant impacts on network performance. As such, having it off by default may be a practical solution that allows users more flexibility when selecting which applications require heightened anonymity.
In terms of xpub transmission to their servers, this is something that should be avoided wherever possible, as third-party custody poses an inherent risk towards user funds. While I cannot speak specifically about Samourai Wallet's practices regarding xpub transmission, generally speaking, utilizing hardware wallets or other forms of non-custodial storage represents more secure alternatives towards retaining full control over one’s crypto-assets.
Overall, though, it is good to see platforms like walletscrutiny.com providing transparent analysis into different wallet applications' security practices and potential weaknesses – helping further enhance accessibility for everyone looking towards securing their holdings with optimal tools offering maximal protection measures available out there!