Tor Browser shouldn't keep certs on disk
And/or it should encrypt them.
First one is the bookmarks which is saved unencrypted and also backed up each day. I think we need a tool in TBB to use them easily as encrypted (password protected). We need an extension or something?
The second is the certificate exceptions. This is a "nice history feature" where most people don't know the websites are saved in a text file (I just found it out too).
You can find your exceptions in these files:
cert_override.txt (Looking at this one is enough) cert8.db
If possible, TBB should avoid saving permanent exceptions. Otherwise saving the exceptions permanently shouldn't be checked by default. Or any saved exceptions should be cleared at "New Identity" and exiting TBB.
If you can fix these issues, everyone including me can comfortably use TBB in any unencrypted storage.