So a cert is not alerted against if a root CA is listed in the
heirarchy of CAs? Okay, so if the list of root CAs is not static
(which it can't be) then it can get updated. When you THINK you are
visiting your bank's web site and get prompted to accept their cert,
are you really going to say no? After all, you went there to use
their site and won't be able to use their HTTPS interface unless you
accept their cert and obviously you are going to assume that you
really are at their site. Otherwise, no matter if you were using Tor
or not, you would never know you were truly at the intended site and
would always refuse any certs which means you never get to do your
banking online.

Whether or not you are using Tor, and when you get your bank's cert
info, to just what CA are you going to authenticate that cert? Isn't
it the one specified within the cert itself? And if the CA isn't
currently listed in your list of trusted root CAs, are you really
going to deny the cert from the site you think you are visiting? Are
you going to verify the root CA listed in the cert which is not
currently in your trusted root CAs list is actually an authorized root
CA? How much research do you expect normal users to commit in
researching the proposed cert before accepting it? No site gets an
infinite lifed cert. They expire. Sites change their certs. Sites
change or add domains and need new certs. So a site that you've
visited before that wants you to save the new one isn't something
rare. Your bank has never changed their cert or somehow managed to
have one that lasted for decades while the rest of us only get one
that lasts for a year?