The Tor client is also careful about picking nodes from a wide geopolitical range to minimise the chance of collaborating nodes in the circuit. If all three nodes are in the U.S., it might be easy for the government there to track the origin. But they'll likely have a much harder time if two of the nodes are in Russia and China.
If the adversary can watch the traffic at the entry node and any one of {the exit node, the websites you're visiting, a compromised router in between}, then they can de-anonymize your traffic pretty easily using statistical techniques. (All my links on this subject are a decade old; I'm sure there's newer research.)
The Tor client tries to take this into account when choosing entry and exit nodes, but it has to consider other threats as well and there's a limit to how well it can do. Remember the adversary only has to get lucky once to discover that you are a member of the Rebel Alliance and a traitor; you have to evade them every time.
Ross Anderson calls this "programming Satan's computer". It's like you have an NFA that always chooses the worst state transition rather than the correct one.
I agree with everything you've said, but just wanted to mention "Entry Guards" as the "solution" that the Tor Project came up with for, "the adversary only has to get lucky once". The idea being that the Tor client picks only a few nodes for network entry and re-uses them. Otherwise, eventually you'd connect to all entry nodes.
