Tor: The Second-Generation Onion Router (2004) (usenix.org)
90 points by geekam on June 8, 2013 | 9 comments



Tor is funded (as in today, currently) by the US Government.


That's one of the advantages of open source security tools: even the black hats need strong security. So long as you can reasonably examine, assess, and trust the source and methods, there's no problem with this.

The white hats have the added advantage that they can (generally) collaborate openly. Black hats have fewer and more constrained communications channels. Even in a regime in which personal liberties are constrained, white hats may be able to communicate openly pseudonymously or anonymously. The black hats, in order to preserve their mystique of power, and defections, _still_ generally have secrecy requirements.


Tor's creation was funded by the US Navy. Presumably, it was made to allow US spies in hostile foreign countries to safely communicate home to the mothership.


Actually, the history is more interesting - it was intended to prototype command-and-control communications between ships in a fleet. If all of your nodes are communicating through one central server, presumably that's your flagship and the thing you should blow up. If all nodes look homogeneous, you can't determine via signals intercepts what you should be targeting.


Interesting, do you have a link for that?


This might not be a problem, see discussion here: https://news.ycombinator.com/item?id=5845014



If you really want to stay anonymous, you'll need to hack your own servers :)


In my usage of Tor it seemed like the router would choose a small subset of the network to be my set of entrance nodes[1] and the exit nodes chosen were also a small subset of the network[2]. Just clicking "new identity" on Vidalia would often fail to change one or the other, even though the middle node changed.

Combined with the 3-hop limit[3], this suggests that a network like Amunet or blutmagie, with a strong exit node presence, might be able to fully de-anonymize a tiny fraction of the traffic passing over Tor. This is interesting because Tor is trying to guard against mostly de-anonymizing arbitrary traffic, not fully de-anonymizing special traffic.

So if Amunet wants to de-anonymize a request, what does it do? The way this works is, Amunet runs a patched version of the Tor software; they buy a couple of servers in remote data centers which they do not announce to the network as belonging to Amunet. Those servers work as entrance nodes, not exit nodes. We'll call this entrance node the Malicious Gateway.

Given a forwarded chunk of data, the malicious gateway can tell that it's not forwarding that data to a known exit node, which means it's the first of the three hops -- not the second. This means that the malicious gateway can pretty reliably infer that the IP which contacted it was not a dumb router, but was the instigator of the packet -- even if that router was part of Tor.

Amunet sets up their service as follows: before the MG sends on the request to some out-of-control middle man M, it sends to the Amunet exit nodes a simple block saying "expect a request of about this length routed from M; I am tracing it back to IP ____." If you accidentally chose to use an Amunet exit router, then the middle node's distinctiveness has actually helped Amunet to filter the signal from the noise, so the proof gets stronger as the network grows (though the amount of compromised traffic diminishes). That boost is provided by the three-hops limit which also removes plausible deniability. And finally, since people choose a small block of entrance nodes, you can in principle get a lot of transaction data from just one person.

[1] This is intentional: you choose a small pool of entrance nodes because Tor wants to hide the fact that you're using Tor from your ISP. Tor looks like HTTPS traffic to your ISP, but people don't open lots of HTTPS traffic to lots of different sites in short periods of time.

[2] There seem to be a few reasons for the limited exit node selection. First, it seems that Tor preferentially chooses high-bandwidth exit nodes. Second, exit nodes are not enabled-by-default, because people are scared about legal implications.

[3] Three hops is hard-coded into the system. Changing to four hops would make the proposed attack reveal much, much less -- but it would also slow down the network by 33%. The issue has been raised before but the consensus appears to be that wanting four nodes makes you paranoid.
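An added example, not part of the thread and not Tor's own code: a small risk model of the exposure the comment above describes, where one operator runs both the entry and the exit of a circuit. The operator's shares of entry and exit selection (2% and 10%), the three pinned entries, and the client and circuit counts are constructed assumptions; the model compares clients that keep a small pinned entry set with clients that pick a fresh entry for every circuit.

```python
import random

def simulate(pin, clients=2000, circuits=200, entry_frac=0.02,
             exit_frac=0.10, pinned_entries=3, seed=1):
    """Count circuits whose entry AND exit belong to one operator.

    entry_frac / exit_frac: constructed shares of entry and exit selection
    weight run by that operator. pin=True gives each client a small fixed
    entry set; pin=False draws a fresh entry for every circuit.
    Returns (share of all circuits exposed,
             share of clients exposed at least once,
             mean exposed circuits per exposed client).
    """
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    exposed_total = 0
    affected = []
    for _ in range(clients):
        # True marks a pinned entry node that the operator runs.
        entries = [rng.random() < entry_frac for _ in range(pinned_entries)]
        hits = 0
        for _ in range(circuits):
            if pin:
                entry_bad = rng.choice(entries)
            else:
                entry_bad = rng.random() < entry_frac
            exit_bad = rng.random() < exit_frac
            if entry_bad and exit_bad:
                hits += 1
        exposed_total += hits
        if hits:
            affected.append(hits)
    circuit_share = exposed_total / (clients * circuits)
    client_share = len(affected) / clients
    per_affected = sum(affected) / len(affected) if affected else 0.0
    return circuit_share, client_share, per_affected

if __name__ == "__main__":
    for pin in (True, False):
        c, u, m = simulate(pin)
        label = "pinned entries" if pin else "fresh entry per circuit"
        print(f"{label}: {c:.4f} of circuits, {u:.3f} of clients, "
              f"{m:.1f} exposed circuits per exposed client")
```

In both runs roughly the same small share of circuits is exposed (about `entry_frac * exit_frac`); pinning changes who carries it, with fewer clients exposed but many more exposed circuits per affected client.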



