IIRC there was a man in (I believe) Austria who recently got arrested for this exact reason and he was trying to scrounge up enough in donations to pay for his legal fees.
+-----+
| You |
+-----+
\ <= encrypted _
+----------------+ | T
| Tor Entry Node | | O
+----------------+ | R
\ <= encrypted |
+------------------------+ | N
| Tor Bridge/Relay Nodes | | E
+------------------------+ | T
\ <= encrypted | W
+---------------+ | O
| Tor Exit Node | | R
+---------------+ _| K
unencrypted => \
+----------+
| Internet |
+----------+
The exit node is the only one that the wider Internet sees. All other traffic within the network is encrypted.
It's that first step I don't get. How is the traffic between you and the entry node encrypted? Can't someone monitoring traffic know that you're on Tor (even if they can't know what you're doing on it)?
The box labeled "You" is not just a web browser. It should include a local (as in local to the machine running the browser) Tor proxy like Vidalia. See https://www.torproject.org/projects/torbrowser.html.en for an example.
It is basically TLS, so if you are connecting to a public node then it is easy to see that you are using tor. This is why we need more bridges that are slightly more difficult to enumerate.
No one needs that, hence the supply is low.