Tor puts quite a lot of effort into authenticating part of the infrastructure, why do you think they do not? And Tor isn't providing a "secure" transport, they're trying to provide a "mixed" transport to hide you among others. If you were the only Tor user (or facing a big enough foe) and Tor did no authentication, then those random encryption hops could get hijacked easy enough since a fake directory could get published right to you, and you'd happily encrypt each hop with a MITM key.