So like even if you're typing chipmixer.com in TOR it's still considered unsecure?
If you use Tor to contact non-Tor website (anything other than .onion services) - one of 1200 Tor Exit nodes will tell you what ChipMixer.com service said.
If Tor Exit node is honest - it will tell "ChipMixer use encryption and this is data they encrypted for you" - your browser will display green lock icon.
If Tor Exit node is dishonest - it will tell "ChipMixer does not use encryption and this is plain-text data with fake deposit address" - your browser will not display green lock icon.
If you use Tor to contact Tor .onion website - connection is always encrypted and nobody can alter deposit address.
You could easily avoid this problem by providing a letter of guarantee. A rogue tor node won't be able to sign a message with an address, that is under your control.
Moreover, I believe, the use .onion address by mixing services is a farce, as long as they exist on clearnet. Users can access the clearnet domain from Tor browser. .onion primarily serves two purpose...
1.
It mitigates MITM attack -
If you provide letter of guarantee, MITM is not possible anymore. Because, except for the original server, no one else do have the ability to sign a message with an address, that is publicly declared on clearnet to be owned by the mixing service.2.
It hides the original server -
If you already have a version running on clearnet, your server is just a few clicks away from 3 letter agencies. You can keep your data encrypted though, but having an .onion address does not give users any extra benefit.