You seem to believe I'm taking this personally; I'm not the "dev" I was referring to; I was referring to JLP. It's apparent to me that the case is you guys don't really understand how Tor works. It's either that or you are simply now really stretching to find a way to not have to admit that your original decision on SSL was wrong, in order to "save face". That being said, except for the trusting of the node operator, I'm not going to bother responding to any of the points you just tried to make.
You are the one that originally brought up that a user would have to trust the node operator as an argument against if we used SSL. My response to that was that this is indeed the case *regardless* of if Tor is or is not used, *and regardless* of if SSL is or is not used. The simple fact is that when a user uses a light client, HE IMPLICITLY TRUSTS THAT THE VPS OPERATOR WILL NOT EVER TELL ANYONE THAT THE USER'S ACCOUNT NUMBER BELONGS TO A CERTAIN IP AT A CERTAIN TIME.
And yes, please remember that way back, I suggested that my group of VPSs *NOT* be the only ones used in our model, to provide decentralization.
Look at my post just before this one. If you guys are OK with forcing users to send unencrypted data over Tor as our "security" model then it means that you are OK with our users being FORCED to trust THOUSANDS of unknown Tor exit node operators who will have 100% immediate account/IP correlation. And yes, the NSA, CIA, and FBI do run Tor exit nodes around the world for this very purpose.
The bottom line is:
1) regardless of Tor and/or SSL, you always trust the end node you are sending your data to
2) that if you use Tor, you HAVE to use SSL
If you do not understand these 2 facts, then not only do you not understand the tech behind SSL and Tor, but you also don't even understand the POINT of Tor, and you need to do a lot of research.