I feel like it'd be fine if every single payment processor were individually part of the surveillance-industrial complex, as long as there were enough players in the space that one could get running a service by hopping around between them. For grey-market businesses to succeed, they don't really need air-tight legal protection; they just need their actions to be illegible.
This is basically the situation VPN service providers are in. Yes, in theory, any given provider could be beholden to the state. However, when a new VPN provider can spring up so easily (spin up some DigitalOcean instances, stand up a WordPress/Shopify e-commerce frontend), it's unlikely that any given new player in the space has been gotten to yet by the state (unless, of course, it's a new marque of an existing company, set up specifically to serve as a honeypot for switchers.)
This is basically the situation VPN service providers are in. Yes, in theory, any given provider could be beholden to the state. However, when a new VPN provider can spring up so easily (spin up some DigitalOcean instances, stand up a WordPress/Shopify e-commerce frontend), it's unlikely that any given new player in the space has been gotten to yet by the state (unless, of course, it's a new marque of an existing company, set up specifically to serve as a honeypot for switchers.)