First of all, it's not that big of a problem. While our list looks long and scary, there are around 1,000 exit relays, so the chance of selecting a bad one in your circuit is not high. Furthermore, Tor's path selection algorithm is weighted by a relay's bandwidth for load balancing (one of the many performance/anonymity trade-offs). Many of the fastest relays of the network are run by well-respected people and organisations such as the CCC. Also, the Tor Project "removes" malicious relays from the network (see Section 1.1 in the paper).
Finally, we published our scanner for a good reason: to crowd-source the hunt for more malicious relays :)
I've only glanced at the paper and haven't looked at the code at all so forgive me if I'm asking something that's easily answered in one of the two.
Regarding your scanner, is it possible to "set it up and forget it"? I work for an ISP and have plenty of machines and bandwidth available. If I can set this up on a box and let it do its thing without needing to babysit it or look after it constantly, it makes it much easier for others (like me) to help out with the "crowd sourcing".
That's a good point. It's not possible right now (unless you wrap it into a shell script) but we want to add some sort of "continuous scanning" option over the coming days/weeks.
Finally, we published our scanner for a good reason: to crowd-source the hunt for more malicious relays :)