I wonder how well security by obscurity - or at least partially by obscurity - would work in this sort of situation. Do they know enough to ask for the passwords to your randomly chosen sever? Do they know enough to do steg on some random imgur photo, or on your forum avatar? Do they know enough to ask for the passwords for something that's going to be sent to you via the internet, on time-delay, after you've left their custody - and which you'll have plenty of time to send an abort code to, like say asking your computer back in your country of origin for a different file than the backup, if the password is compromised anyway?