>>12
The tor browser is one application of the tor network. It has real exploits which have yet to be patched:
https://trac.torproject.org/projects/tor/query
But that article is talking about how the FBI exploited a server that was initially breached (meaning they had all the server logs), to get IP addressed of the users that had enabled Javascript (out of all things). That is called user stupidity, not a problem with tor, not a problem with the tor browser, which both have many exploits available.
Knowledgeable users know that they should not be running anything at all anonymous networks, and if they have to, they should review it. If what you want is UI for the user on HTTP, don't do it in JS, just use html meta refresh with forms or WebDAV. Then again, that is what they get for using HTTP, and not implementing REST. You want something anonymous and UI friendly in a tor network, use things like CVS, NNTP, STOMP, SSH/telnet clients, gopher?, and Freenet clients, and have all the CRUD you ever need for your data, with minor configuration to remove logs. And with Journalling file systems, you can have a self healing system if a binary application, which should be isolated from other applications, gets altered or removed. I'd assume the owner of Freedom Hosting knows nothing about system administration to had it breached before it was shutdown, unless it was a honey pot service since inception. Did the owner even have backups on other servers, spread across the globe?
The only props I yield to OP is that he reposted the blog post:
https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting
JS, out of all things. Sigh.