It's possible to discover location of hidden service by setting up malicious tor server, accessing hidden service repeatedly and tracking who builds circuits.
vulners.com/securityvulns/securityvulns:doc:11156