I may be wrong on this. It's my understanding that the first hop in
the chain is created differently, via create-fast, than the nodes
after it; this means that someone spying on network traffic that sees
"create-fast" knows that they are looking at a source node, and can
tell the originating IP.
If the first node is made no different than the normal nodes, and
entry guards are not used, then no one knows which node is the first,
and no one knows what to spy on / correlate traffic with. Right?
Also, what if the path length was "mostly 2, occasionally 3 if the end
node is not a tor node, but always 3 (2 intermediate notes) ending on
the tor/end node"? Would that help the unpredictable-ness, without
causing slowdown?