> The problem of corrupted exit servers is indeed one that we should all > ponder until a solution may be found.
We have entry guards, with the purpose of reducing the chance of someone who has control of multiple nodes from tying your entry and exit information together. Why not have exit guards, to reduce the risk of malicious exit nodes from causing problems? (Did I already make that suggestion a few months ago? It seems familiar).