by derefr 952 days ago
AFAICT, the one thing you get from using TLS is a kind of redundant defense-in-depth to the site being taken over: to successfully pose as the site, the attacker would have to obtain both the Tor daemon private key and the TLS private key. If the Tor session and the TLS session are each terminated on their own middlebox with separate security (or if e.g. the Tor privkey lives in memory on the machine, while the TLS privkey lives inside an HSM attached to the machine), then it becomes harder for anyone — even a state actor — to commandeer the site.

Also, the TLS cert would be signed by a CA, and so that CA can independently determine that the site has been commandeered and revoke the cert. (Not that I expect a CA would actually do this in a timely manner if the commandeering is done on behalf of a state actor — but that's more a fault in our current CA system than a fault in the logic of X.509 trust infrastructure itself.)