So, look at this through the eyes of the defender, in the context of breaches of other sites. Put aside ethics, right/wrong, law, etc.; what this comes down to is a security breach when viewed from the defender's perspective, right?
Okay, so when you look at past breaches, what do you find...breakdowns in basic security. Sony wasn't patching, Home Depot wasn't watching their security monitoring, etc. While many vendors and researchers are trying to come up with novel security products and solutions to solve exotic problems in unique ways, what's actually happening is entities aren't following Security 101.
There are signs that this has happened with Tor as well. Silk Road 2.0, for example, was registered using "Blake@Benthall.net," which is about as NON-anonymous as you can possibly get. It's not only giving up the name, it's the name as it's tied to a very specific "Blake Benthall," so that law enforcement wouldn't even have to set about figuring out which Blake Benthall it was. A quick warrant request, a fax to the hosting provider behind "Benthall.net," and the guy is toast. This is not very fucking good security, at a fundamental level. And even worse, it was what got Ulbricht, the original operator of Silk Road, caught.
The argument could be made that only some domains were hit because others were out of reach due to where they were hosted; I don't buy this. In the past, it's been possible to get significant disruption of even the most unreachable systems through a number of means. This is why the RBL "broke up" and went to ground; even being out of the reach of law enforcement didn't mean their IP space couldn't get blackholed by ICANN, for example, or domains ignored by upstream TLD resolvers in the DNS hierarchy. I do believe that this "out of reach" potential was why hundreds of domains were shut down, but only 17 people were arrested. But if there were a fundamental issue with TOR itself, I don't see why they couldn't (and wouldn't) take down all of the sites they would want to hit at one blow. But now three of the top six drug-sale sites are still up, including the one that was second-largest, Agora.
So this looks more to me like the variability of operational security among the operators of the different domains, and poor security by those that got hit.