Yes, I have installed electrs in the past... It's slower than other implementations, but it was really easy to setup and run on my existing node without having to reindex... Iirc, I used nginx as a reverse proxy to deny incoming connections from non whitelisted ip's and handle ssl encryption.
Even though it claims as "An efficient re-implementation of Electrum Server" ?
As for the tor option: I had no idea... I either connect to my own node or to a public electrum server over the clearnet... But than again, I don't hold enough crypto to fear getting robbed...
I don't see correlation between Tor and potential getting robbed.