The thing is that I doubt anyone is actually running a malicious server that would login to your honeypot as soon as it gets your credentials, at least I would let the username/password list collect for couple of months before checking it and even then I wouldn't blindly hit everything.
But the thing is that thous TOR exit points (just like Proxies) can inject all kinds of JS on the sites they display and while some people run NoScript or similar browser extensions most do not.
And giving out your username/password combinations for scriptkiddies and criminals and allowing them to run any JS on sites you visit does hell of a lot more short term damage than any government surveillance, losing all of your possessions in an identity theft or just getting phony bills is way worse for your average consumer than having their Facebook chat logged.
Tor is a good tool when used properly, but slapping it on to everything isn't what the tool was made for.
But the thing is that thous TOR exit points (just like Proxies) can inject all kinds of JS on the sites they display and while some people run NoScript or similar browser extensions most do not.
And giving out your username/password combinations for scriptkiddies and criminals and allowing them to run any JS on sites you visit does hell of a lot more short term damage than any government surveillance, losing all of your possessions in an identity theft or just getting phony bills is way worse for your average consumer than having their Facebook chat logged.
Tor is a good tool when used properly, but slapping it on to everything isn't what the tool was made for.