Because it's based on and thus only ever asymptotically secure as Firefox, which is not the most secure browser architecture, and because of the economics of browser exploit development, and the fact that Tor Browser Bundle collapses a whole set of valuable targets down to a single release train, we can be sure that pretty much anyone who uses browser exploits as standard operating procedure has a stockpile of TBB exploits.
Re-evaluate whether the kind of privacy offered by tor is your number one priority. A lot of journalists have notes and work product and contact info they need to protect, but they're not living deep undercover. The information stored on their computer is far more sensitive than the list of sites they visit.
> Re-evaluate whether the kind of privacy offered by tor is your number one priority
A good point. Though in fairness, that's why I included Chrome over a VPN as an option.
> The information stored on their computer is far more sensitive than the list of sites they visit.
Not that it invalidates your points, but I wonder how true this one statement is. First, remember that in addition to metadata Tor hides content (which may be redundant in the case of HTTPS-secured websites, but that's not a bad thing). Also, a journalists' metadata could tell you a lot about the who, what, when, where, why and how they are researching, and expose sources.
What is more valuable, knowing who a journalist is talking to and when, or knowing what was said? IM very HO, I think the former.