You are wise not to. Not everyone who is an exit is on your side. It is better to assume that they are going to do everything nasty possible to you and your data.

Also, you should probably assume that the FBI is monitoring the exit node you are using.

Or running it.

And the Internet connection you are using.

Yes, many exit nodes are malicious. That's why you should always use https when using tor.

I've seen at least one exit node present an invalid certificate for any requested https:// url, but that's loud and obvious.

If you let the Tor developers know about this, they can mark it as a BadExit.

Why would you ever have to?

(see also: The Internet is great, but I just can't trust the organizations running the backbone.)

Well, except the backbone has no alternatives, and the whole point of something like Tor is to mitigate one's lack of trust in the people running the backbone. If Tor is insecure, all you're gaining by using it is letting a bunch of three-letter agencies know that your traffic is potentially more interesting than the average.

I think the idea is, yeah, we can have untrustworthy exit nodes, but that's already anticipated as a potential threat so everyone should know better and use https as much as possible, among other means of encrypting exit data. Doesn't Tor at least try to encrypt even exit data as much as it can? Like the browser bundle even comes with https everywhere.