"Preventing abuse" is generally equivalent to surveillance - identifying a session as being associated with some longer lived identities. Their explanation makes me less comfortable for why they're doing it!
Redirecting to the https site is a bit less secure than the hidden service, in that your traffic will only go over 3 hops (TOR client) rather than 6 (TOR client + hidden service circuit). But AFAIK they could also write a modified TOR client that served a hidden service without any additional hops. Those additional hops are best seen as security for the hidden service rather than the user. Also, a hidden service for a well known business is kind of a pointless marketing gimmick.
Redirecting to the https site is a bit less secure than the hidden service, in that your traffic will only go over 3 hops (TOR client) rather than 6 (TOR client + hidden service circuit). But AFAIK they could also write a modified TOR client that served a hidden service without any additional hops. Those additional hops are best seen as security for the hidden service rather than the user. Also, a hidden service for a well known business is kind of a pointless marketing gimmick.