Yes, it's possible, but not very probable.
That's "just" the identify where the traffic is from
attack, which is of course bad enough. I thought
I heard it having been used in the wild, but can't find the reference... I was probably just thinking about the theoretical attack.
I would be very wary of using Tor if you are sending sensitive data, anyway, some exit nodes are operated by questionable organizations or countries... I suppose maybe you could encrypt your traffic before it's sent, but I don't know if such thing would be feasible.
TOR does it's own encryption, but obviously this can be decrypted, since the exit nodes need to send something the final destionation host (outside the TOR network) can understand. So if your data is traveling through a TOR node operated by somebody with malicious intents, won't they be able to see your data stream?
Of course you can use your own encryption before going through the TOR network, but anything that's attackable with a man-in-the-middle approach will be vulnerable, since the TOR network is effectively a whole lot of middle men.
I'm not sure how often TOR's routing changes, though... if it did often enough (ie, multiple times even for the same connection) it would be a lot harder to do attacks. But my guess
is that once a stable/fast route is found, it'll prefer that route.
I suppose maybe you could encrypt your traffic before it's sent, but I don't know if such thing would be feasible.
), PGP encrypted emails, password-protected RAR archives, etc...