If you block non-tls traffic period and you never click through on invalid cert sites the only concern is 0day exploits. As much as https is popupar there is still alot of plain http sites and sites that upgrade to https after the first request. Data collection and running JS in your browser aside,there are clever tricks used to track and possibly deanonymize youand obviously they are hostile when it comes to exploutation.
At least VPN providers need your money and their reputation and you can chain them for tor like privacy without the poor performance and anonymity.
> Tor exit nodes have been caught injecting malware into binaries downloaded over HTTP through them
It's more accurate to say bad actors have been injecting malware into HTTP-downloaded binaries. Some of these bad actors use Tor exit nodes, some use free WiFi hotspots, and some run their own VPN services. Framing this as a Tor problem is like blaming violence on weapons instead of the perpetrators.
