Separate the hidden service from the tor daemon (Score 1)
Rule #1 that should be enforced: contrary to all popular docs, the hidden service should never, ever, be on the same logical machine as the tor daemon. The latter needs connectivity to arbitrary IPs, which means as soon as any part of the service is pwned -- or just sports a data leak -- the bad guys can learn who you are. If the hidden service machine doesn't know its IP or other kinds of data that can be used to identify it, it can't leak that.
This won't avoid traffic analysis, but (most likely) the majority of hidden service breaches so far have been done by exploiting some bug in an HTTP daemon and making it query http://home.spooks.gov/ outside tor.
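The separation described in the comment above, sketched as configuration. This is an added example, not part of the original comment: the addresses 10.0.0.1 (tor gateway) and 10.0.0.2 (service host) on an internal-only network are constructed, and nftables on the service host is an assumption.

```conf
# ---- Tor gateway: /etc/tor/torrc ----
# Only this machine runs tor and has a route to the Internet.

# Same-machine layout from the popular docs, shown for contrast:
#   HiddenServiceDir /var/lib/tor/hidden_service/
#   HiddenServicePort 80 127.0.0.1:80

# Separated layout: forward the onion port to the isolated service host.
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 10.0.0.2:80

# ---- Service host: /etc/nftables.conf ----
# The web server lives here. The host has a single interface on the
# internal network, no default route and no DNS resolver configured.
# Even if the HTTP daemon is made to fetch an outside URL, the packet
# has nowhere to go and the ruleset drops it anyway.
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        # Only the gateway may open connections, and only to the web port.
        ip saddr 10.0.0.1 tcp dport 80 ct state new,established accept
    }

    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        # Replies to the gateway only; the host can never initiate traffic.
        ip daddr 10.0.0.1 tcp sport 80 ct state established accept
        # Count and log anything else, so an attempted outbound fetch
        # shows up as a detection signal instead of failing silently.
        counter log prefix "svc-egress-drop: " drop
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }
}
```

The host ruleset is a second layer. The primary control is the network itself: if the internal segment has no path to the Internet, an attacker who gains root on the service host and flushes the rules still cannot reach arbitrary IPs.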