Onion site URLs are impossible to remember, and even more impossible if they are ONION v3.
So it is almost necessary for an user to bookmark an onion site if he wishes to visit it again, or he won’t remember it.
From this discussion https://www.reddit.com/r/TOR/comments/3320vt/how_safe_is_bookmarking_on_tor/ i deduct it is not secure to use bookmarks on TOR browser, due to an attacker’s ability to :
2- Even if you disable JS with NoScript, when an attacker/cop has your PC in his hands he can find out which sites you visited, by reading your bookmarks.
About problem 1:
I ask the devs if they can prevent JS code to read bookmarks in TOR browser, or if there are special plugins that can be integrated.
Many sites require JS, so it is not always desiderable to disable it. Even with reddit i have trouble logging in with no JS.
About problem 2:
it would be cool if there is a handy way of encrypting the bookmark list with a user-defined pwd, and save it to a file.
So that when the TOR browser gets closed it automatically cleans the bookmarks, and they can be re-imported from file the next time.