* Use the Tor SOCKS proxy in such a way that it creates a guaranteed independent circuit to a different exit node each time you connect. This gets you back to the slightly stronger clearnet heuristic of "if I saw a bunch of peers announce my tx, then it's probably valid". I don't know if this is possible.
* Have a set of hard-coded long term stable hidden peers, that are run by known community members who are not going to collaborate to defraud people. Of course if they're run by people who are well known that rather defeats the point of them being hidden, but you benefit from the fact that the .onion names double as authentication tokens.
* Talk the Tor protocol directly and have the app explicitly pick its own diverse set of exit nodes, one per p2p connection. This is likely to be complicated. Last time I looked Tor doesn't provide any kind of library or API.
I agree that it's a kind of theoretical attack right now, but then again, I'm not aware of any countries that block Bitcoin either. The thing with Thailand seems like it might be the result of some confusion over who exactly can make laws in that country. I'd be more concerned about Argentina, but we're a long way from ISPs searching for people to arrest by looking for port 8333.
Supporting SOCKS (really: blocking sockets) would be a good thing anyway. Using blocking sockets also means we'd get SSL support, so if at some point Bitcoin nodes start supporting SSL we'd be able to use it more easily.