Actually there almost certainly are secret Tor exploits, but they are not intentionally introduced by the Tor developers and they were not used against TFM. Tor has had several remote code execution vulnerabilities discovered in it in the past, and if attackers discovered them prior to Tor developers or non-malicious security researchers who cooperate with them, they would essentially be secret Tor exploits.