CodeSign Tor for OS X
Tor should be code signed on OS X. This would improved a lot the security. Any user could verify that the Tor application has not been altered. Also GateKeeper would tell you if the code signature is invalid.
Currently the Tor application is not code signed as you can see by running codesign: codesign -dvvv /Applications/TorBrowser.app /Applications/TorBrowser.app: code object is not signed at all