It's still vulnerable to passive analysis as the other guy noted since if you control the ISP for the end-user you have some idea how much data is being pumped through an encrypted connection. [e.g. Is it just staying alive or pulling 50mb/s?]