If they can get direct access to the DDG servers, then it doesn't matter if they can siphon off traffic at the ISP level. They can just access the data.
But wouldn't that require constant access to the server, whereas the key they could steal once with short access to server and use until it expires without the victim noticing?