He seems very impressed with the privacy: "In fact, nobody knows that he got it except me and him", "nobody can ... look at your account balance".
But every transaction is public. Is there anything stopping the NSA (or Amazon, or me) from subscribing and adding up his current balance? Sure, it'll be linked to his bitcoin address, not his name, but that can't be all that hard to map, can it?
You create a new bitcoin address for every transaction. Some money goes to the actual recipient, and the "change" goes back to your new address. In addition, you can attempt to "launder" bitcoins by executing bogus transactions from yourself to yourself.
Posting a static bitcoin address on your website and saying "send money here" is not considered best practice.
It breaks anonymity. Transactions are public and that static address is public, so anyone can tell how much money that static bitcoin address has received.
But every transaction is public. Is there anything stopping the NSA (or Amazon, or me) from subscribing and adding up his current balance? Sure, it'll be linked to his bitcoin address, not his name, but that can't be all that hard to map, can it?