Outbound addresses aren't secret, because they are used for connections.
Roger has claimed here that some of them are indeed secret in the sensethat their owners do *not* want them to be published
Then maybe you should respect their wishes?
Exactly. Just like bridges that want to keep quietly doing their own good work without being autoblocked all to hell. Why the fuck people keep trying to expose different-IP exits and harken for their compliance with some random bs when Tor is supposed to be all about circumvention and privacy and independance of operators to the cause... is beyond me. And that TPO Inc seems bent on publishing them too... ugh. Leave them alone.
For that matter, what of operators that run VPN termination to offer users UDP and IP, or I2P or other networks, messaging, storage, webservers, coins, etc on the same IP's... calls to out them for "security", "reasons", or whatever too?
Stick to actual bad-exits, bad-relays, statistical anomaly divining of relays. Build better code and relay operator social / WoT proofing groups, explore parameters for subscribable selection sets, etc.