Don't take anything on trust!

The whole Tor codebase is publicly available, with all its documentation. You can download it yourself and look over it. Hundreds of thousands of programmers better than me have done so. Bugs have been found, and patched. 

Crooks and cyber-terrorists have spent years trying to find exploits they can use to crack Tor and steal secrets and cryptocurrency. They've all failed to date, but some have found ways to make it waste resources and crash. Those have been patched, too.

Nothing made by humans can ever be infallible or immune to misuse, but Tor has certainly been field-tested more than any similar tool.

According to Edward Snowden, the bad guys (NSA) have spent a lot of resources trying to break Tor, and failed. "Tor Stinks", the leaked presentation was headlined. 

They and their frenemies in the FBI have been able to catch Tor users, but only by tricking them into downloading viruses that target other software on the users computer - Firefox (since patched) and various media players.

Tor's not magic, but its pretty darn good at what it does. Thats just the start of your OPSEC journey, of course.