There are malicious Tor exit nodes targeting Bitcoin services. They will do man-in-the-middle HTTPS attack against your Bitcoin website. This is only successful if you accept the invalid security certificates of the website.
Hopefully the exit nodes doing this would eventually be awarded the BadExit flag so they are no longer chosen as exits. Unfortunately this isn't automatic (yet?) so we'll have to live with this problem.