The idea that Tor is compromised by the NSA, if true, is not by releasing compromised source -- it's from the NSA running the tens or hundreds of thousands of Tor nodes required to compromise the system.
It's the network that is compromised. If you operate enough exit and relay nodes, you can be pretty damn well sure of where the traffic originated.
Anonymity hinges on the nodes, if an entity controls most of the nodes then the network is pretty much an effective honeypot.
Given that the FBI has been incredibly vocal about their efforts to take down Tor, and the fact that it is synonymous with illegal activity (drugs and child porn); operating enough nodes to investigate and bust criminals seems right up their alley.
There are user options to specify which entry and exit nodes to use [1]. I'm not saying there aren't ways to defeat Tor but I dislike this knee-jerk reaction that a lot of people have with it because of its origin.
That doesn't prevent the 99% of Tor users accessing hidden services exposing the location of the service to whoever is operating the majority of honeypot nodes.
It also doesn't prevent owners of relay nodes from construing the origin of traffic. It may not be as accurate assuming the user routes their traffic through uncompromised entry/exit nodes, but given the resources certain agencies have they can cross reference ISP etc traffic logs to determine the identity of tor users.
