Ok, here's my effort in ignoring the personal accusations and your assumption you make in your post.
The bottom line is:
1) regardless of tor and/or ssl, you always trust the end node you are sending your data to
2) that if you use tor, you HAVE to use SSL
Which data do you think needs to be encrypted using SSL and thus be protected from the node operator (and the exit node operator when using Tor)?
Can you please name what you are trying to protect with SSL? Is it transaction data? Is it the accountSecret parameter in URLs? Is it the IP number of the NXT client end user?
EDIT: I've read your post again and I think you are trying to protect the IP of the NXT client end user:
The simple fact is that when a user uses a light client, HE IMPLICITLY TRUSTS THAT THE VPS OPERATOR WILL NOT EVER TELL ANYONE THAT THE USERS ACCOUNT NUMBER BELONGS TO A CERTAIN IP AT A CERTAIN TIME.
With Tor, neither the exit node operator nor the NRS node operator know the IP address of the end user.