Users who want to run "pure Tor" should run their nodes as a hidden service and connect primarily to hidden service peers. Users who want to support the network and are not worried about being identified should run their nodes both as a hidden service and as a "normal" plaintext peer. This way, the visible IP addresses are not Tor exit nodes but actual Bitcoin nodes which should be able to pre-filter bad content before the network at large has to see it (and thereby avoid getting unknowingly banned out by an attacker). The downside here is that it requires overcoming a network catch-22; until there are enough real nodes visible as both Tor hidden services and as IP addresses, the few Tor hidden service nodes existing today can be easily blackholed.
A major problem with that is that one IP can run any number of hidden services with different hidden service addresses, so a Sybil attack is also pretty easy there. Bitcoin Core tries to make this a bit more difficult by partitioning the set of all possible .onion addresses into 16 groups and only connecting to hidden services in different groups, but I don't think that this is actually very effective because an attacker can easily fill all 16 groups with his hidden services.
One sort-of-solution would be for Tor nodes to always connect to a couple of trusted nodes in addition to some normal nodes. This increases centralization, but Tor is already very centralized, so I don't know that it'd be much worse.
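The 16-group rule described above and the limit it runs into, as an added example that is not part of the original posts and is not Bitcoin Core's code. It assumes the group is the top 4 bits of the base32-decoded address and a limit of 8 outbound peers; `make_onion`, the addresses and the owner labels are constructed for illustration.

```python
import base64

GROUP_BITS = 4      # 2**4 = 16 groups, the figure given in the post
MAX_OUTBOUND = 8    # assumed outbound connection limit


def onion_group(addr):
    """Group of a .onion name: top 4 bits of its decoded bytes (assumed rule)."""
    label = addr.lower()
    if not label.endswith(".onion"):
        raise ValueError("not a .onion address: %r" % addr)
    label = label[:-len(".onion")].upper()
    raw = base64.b32decode(label + "=" * (-len(label) % 8))
    if not raw:
        raise ValueError("empty .onion label")
    return raw[0] >> (8 - GROUP_BITS)


def select_outbound(candidates, limit=MAX_OUTBOUND):
    """Pick peers in list order, allowing at most one peer per group."""
    chosen, used = [], set()
    for addr in candidates:
        group = onion_group(addr)
        if group in used:
            continue
        used.add(group)
        chosen.append(addr)
        if len(chosen) == limit:
            break
    return chosen


def make_onion(first_byte, tag):
    """Build a constructed 16-character .onion name for the samples below."""
    raw = bytes([first_byte, tag]) + bytes(8)
    return base64.b32encode(raw).decode().lower() + ".onion"


# Constructed sample: one operator holds a name in every group, so the
# per-group rule is satisfied while every selected peer has the same owner.
OWNER = {make_onion(g << 4, 1): "operator-A" for g in range(16)}
OWNER.update({make_onion(0x3C, 2): "honest-1", make_onion(0x3F, 3): "honest-2"})


def owners_selected(candidates):
    """Owner label of each peer the per-group rule would select."""
    return [OWNER[a] for a in select_outbound(candidates)]


if __name__ == "__main__":
    print(owners_selected(list(OWNER)))
```

Group diversity here says nothing about operator diversity, which is why the rule is a weak Sybil control on its own and why the post suggests adding a few trusted peers.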