It suggests he may not have actually use TOR for administering his server.
Though, of course, if they have broken TOR then that's exactly the sort of false information they'd want to give...
Or even just assuming that your client is safe and wasn't tampered with in transit - did you download the source and check every line of code before compiling...?
The default Tor client ships with a JavaScript-enabled Firefox that is constantly receiving security updates - visit the wrong website and splat.