The article said the bug has known of by devs for a while.. is there really any more risk going to a trusted onion site now then there was a week ago? Especially if the problem already existed?
in light of: https://www.reddit.com/r/DarkNetMarkets/comments/467ow1/critical_gnulinux_vulnerability_tails_affected/
an important part to remember is that if a three letter agency wishes to investigate you they need to have return on their investment and investigation.
like they literally need to recoup money somehow- if youre not worth their time they will not investigate.