First of all, if this is meant as a means of circumventing censorship, it will fail. You must publish which pads contain a piece of data. If someone wants to censor that piece of data, they can find out which pads are used to obtain them, and start suing ftp sites to have those pads removed. The only thing this system gains is a little obscurity.
He states: *"Assuming there are about 200 pads floating around. The number of files which can be obtained by XORing 6 pads is ober 50 billion."* This is false for the simple fact that in order to introduce a new piece of data into the system, you must XOR it with a number of pads to **create a new pad**. Therefore, with 200 pads floating around you can have at maximum 200 documents. If you were just going to send the "encrypted" data to a friend you'd use a real encryption algorithm. I'm assuming this is for mass dispersion.

One needs there to be more "innocent pads" (his term) out there than pads derived from data, or a brute force attack becomes feasable. You could just start XORing random things, and come up with something "hidden" a sizable fraction of the time.

Another attack method goes like this: Assuming the person creating data pad used N random pads to create his new data pad, one could simply try all possible combinations of XORing N-1 pads. Then compare this new pad (made from N-1 XORs) with each pad out there. Since data is padded with zeroes, the ends of the pads will be identical. In fact, since the probability of two truly random pads having the same set of M bytes at the end decreases drastically as M increases, one could just perform this procedure on the last few bytes of each pad, and therefore save massive computation time. Using his example of 200 pads in existance, and using 7 of them to hide your document, and assuming the attacker can perform an XOR in 1 clock cycle on a 500 MHz computer and he examines only the last 16 bytes (probability of them being the same for 2 truly random pads= ~10^-37), the attack would take 16*200-choose-6/500MHz = 16*200!/6!/194!/500MHz = 2637 seconds= ~44 minutes.

Something which could be reasonably cracked in 44 minutes I would hardly call secure... This would give you, in reasonable time, which pads were "innocent" and which contained data. Suing to have the data ones removed then becomes feasable. (and no defense based on an innocent pad)

Ok, so his example may have been flawed. It's still a decent idea. But you'd need (by my estimates) >1000 pads out there, and you should use at least 10 pads to hide your data. This would give you a brute force time of over a year. Ideally you want this to spread, and there to be tens or hundreds of thousands of pads out there (keep in mind you want more "innocent" ones than data ones, or examining the ends of the pads will easily recover the few innocent ones).