It's lower than visiting clearnet sites. Presumably the hidden service is using entry guards, so think of the connection as being backwards, where your entry nodes are the exit nodes, except you keep them for the whole session, whereas normal exit nodes rotate every ten minutes. So the chances of randomly picking bad nodes at the edges are lower. Now if the attacker lucks out as an entry point or brute-forces his way to be an HSDir, then the chances are higher. In any case, you can use persistent bridges.