Various ideas are possible:

* Use the Tor SOCKS proxy in such a way that it creates a guaranteed
independent circuit to a different exit node each time you connect. This
gets you back to the slightly stronger clearnet heuristic of "if I saw a
bunch of peers announce my tx, then it's probably valid". I don't know if
this is possible.

* Have a set of hard-coded long term stable hidden peers, that are run by
known community members who are not going to collaborate to defraud people.
Of course if they're run by people who are well known that rather defeats
the point of them being hidden, but you benefit from the fact that the
.onion names double as authentication tokens.

* Talk the Tor protocol directly and have the app explicitly pick its own
diverse set of exit nodes, one per p2p connection. This is likely to be
complicated. Last time I looked Tor doesn't provide any kind of library or
API.

I agree that it's a kind of theoretical attack right now, but then again,
I'm not aware of any countries that block Bitcoin either. The thing with
Thailand seems like it might be the result of some confusion over who
exactly can make laws in that country. I'd be more concerned about
Argentina, but we're a long way from ISPs searching for people to arrest by
looking for port 8333.

Supporting SOCKS (really: blocking sockets) would be a good thing anyway.
Using blocking sockets also means we'd get SSL support, so if at some point
Bitcoin nodes start supporting SSL we'd be able to use it more easily.