
You can't put anything in the SubjectAltName field, you can put anything that isn't a valid TLD (and not have to validate it).


So Eve could also get a cert for facebookcorewwwi.onion?


Yes. I submitted a request for one just now, actually. Hopefully the CA doesn't flag it for containing Facebook.


Just had it issued. Probably going to write a blog post now.


Did you get it from DigiCert? Or from another CA?


GlobalSign.

edit: They've revoked the cert. :(


But does TBB check for revocations? I bet the answer is no because otherwise it'd be sending the sites you visit to CAs via OCSP and Tor would never want that. So I think you still win.


You could still get a full revocation list (via Tor or not). In fact, using OCSP over Tor should be safe? FB sees some-exit-node, sends you a cert, CA sees some-other-or-same-but-not-provably-you requesting status of FB's cert. Unless FB sent you a specially crafted, session-specific cert, the CA would only see that "someone" checked the status of FB's cert. And with no immediate link between "you" and "someone"? Much as DNS over Tor is safe (but DNS over UDP isn't)?


What a shame I didn't put a bunch of likely new TLDs into a cert before they became valid TLDs... ;-)


Do note CAs have to revoke all certs within 30 days of ICANN signing a contract with a new TLD provider.

