UDP is always preferred over TCP when used with OpenVPN.
The reliability that TCP offers that UDP doesn't isn't relevant in this context since most of your pre-encrypted traffic will already be using TCP (WWW, email, etc.), so any retransmitting of packets or integrity checking would be done at the OS level of your machine, it's just wrapped up in a UDP packet when OpenVPN encrypts it.
Plus, OpenVPN does it's own integrity checks and retransmitting of packets.
More technical info about why TCP OpenVPN is a bad idea is @ http://sites.inka.de/~W1011/devel/tcp-tcp.html
That page talks more about PPP, but OpenVPN could apply to those issues as well.
The only reason we also offer TCP OpenVPN is for those who are behind firewalls that are so restrictive that they don't allow UDP OpenVPN out. There's also a few cases where the ISP mangles or otherwise throttles UDP OpenVPN traffic, but not TCP OpenVPN traffic.
And yes, the .onion thing still works. All of the server-side Tor instances are running the latest version of Tor, which means those new v3 .onion's described @ https://trac.torproject.org/projects/to ... tGenOnions
can also be transparently accessed while on cryptostorm.
And just for fun, we've also added our own v3 .onion's to the list @ https://cryptostorm.is/map