Not to mention that with connections to clearnet the client will not select the same node as entry and exit, but with connections to hidden services the client could very easily share an entry guard with the hidden service. Active timing attacks linking clients to clearnet websites require a minimum of two nodes, but the same attack can be done with a single compromised node against hidden services. And if the hidden services entry guard is owned by an attacker it is trivial for them to determine which hidden service they are the entry guard of, and thus obtain the hidden services real IP address.