A VPN just moves the problem around. It works if there is one repressive country. It doesn’t work when all the countries are repressive.
This is suddenly a non-academic concern for me. I live in the UK. I didn’t think it could happen here, and now it is; my government will be recording all internet activity, and legal-but-minority sexual interests (some of which I have) are about to become illegal to pursue over the internet. This is my homeland, with an ancient and proud civil liberties tradition. If I can’t trust the British government to protect my freedom, I don’t think I can trust any other either, so getting a VPN in another country seems, at best, a sandbag for the next few years. It won’t hold back the tide.
The “diversity” argument is just security through obscurity by another name. The specific criticisms of the Tor Browser Bundle are valid (although I would like to see a more fleshed-out argument as to why and how Firefox’s exploit mitigations are inferior to the alternatives), and I would certainly like to see a Tor Browser Bundle-like product with a fast patch pipeline (though I think using an LTS release that doesn’t patch non-security-relevant bugs is probably still the right approach). At the same time you can’t rely on e.g. central update servers without creating a vulnerability, and releasing too often without automated updates damages the privacy protections. So improvements would be great, but they’re not trivial.