Or even just assuming that your client is safe and wasn't tampered with in transit - did you download the source and check every line of code before compiling...?
The default Tor client ships with a JavaScript-enabled Firefox that is constantly receiving security updates - visit the wrong website and splat.