Not fully understanding or improperly using applications that protect your privacy and allow you to bypass censorship can seriously affect your online security. A researcher recently revealed that he was able to gather sensitive data including the user names and passwords of government email accounts by snooping on the traffic of five Tor exit nodes he controlled. If you are not using end to end encryption the Tor exit node can see your traffic in plain text. as the researcher notes:
ToR isn’t the problem, just use it for what it’s made for.
This reminds me of the “trick” a lot of people use in which they set up an email account but don’t actually send email but rather just store email in the drafts folder thinking that this protects them from government surveillance. Unless the full session is encrypted, and many using this technique are using web mail account which only encrypt the login not the rest of the traffic, it can still be snooped even though you are not “sending” the email.