You should assume Tor exit nodes to be hostile. There have been exit nodes that injected malicious code into binaries downloaded through them, and running an exit node is an obvious choice for an attacker, hoping for people running unencrypted traffic through them.
Fair enough. someone could mirror my site's content, and we wouldn't have the ability to check where it's going.
However, that's not too much an issue. we don't offer binaries (outside of two pdf files that may have a jpg embedded), and nothing on our Onion site requires a download. The most they could really do is make someone give bitcoins to the wrong wallet. That's a pretty easy customer service issue to solve ("We are not responsible for bitcoins sent to wrong wallets").
