Sure, but it's quite nice that any random passerby who happens to look at the Monero blockchain has no idea what you've spent and where. If there's something like bitcoin's "new address per transaction" for Monero, they won't be able to tell anything even if they have data from all the merchants.
Monero should be treated like the beta software it is. There have been vulnerabilities in the past to remove anonymity and there will be in the future. I would at least give it 5 years & a lot more adoption to start trusting it somewhat.
> Saying there will be vulnerabilities in the future is FUD.
Saying there will be vulnerabilities is 99.99% likely to be true. All software written by humans is highly likely to have mistakes. Remember Heartbleed? The code was open for all to analyze and used by millions, and yet we recently found a vuln that allowed attackers to dump the entire memory of a server. Open source is no guarantee against vulnerabilities.
Default assumption should airways be that there will be vulnerabilities.