I think the article brings up and interesting point about who's SSL certs the NSA has access to. It's reasonable to assume that they are capturing most if not all Internet traffic in the states (at the very least all packets entering or leaving the county.) What is unknown is how much of that encrypted traffic can be easily decrypted. If I were a three letter gov't agency intent on decrypting massive amounts of traffic, I would go straight for the keys. It's particularly of note that DuckDuckGo does NOT use session keys in its SSL implementation, meaning if their private key got compromised, all previous searches would also be compromised.
I don't think it's too much of a stretch to assume that the NSA has found a way to that key, either through secret court orders, or good old fashioned nefarious means. Especially for a site like DDG, who makes promises of "privacy". Makes you wonder who else's keys they have access to.