an onion address is a promise and a mechanism to assure that you are taking seriously the needs of the people who use Tor.

Since onion services can receive incoming connections even if they are behind a router doing network address translation (NAT), TorChat does not need any port forwarding to work.

The client is relying on the server's unauthenticated DH public key Y to somehow authenticate the server's knowledge of X. Obviously, this is making an assumption about a DH that could be bad, thus is an unsafe protocol. This is Tor's (older) TAP circuit handshake (using regular DH, not ECDH). The original deployment was easily attacked by a fake server sending a public key Y = 0, 1, or -1, thus allowing the fake server to calculate Y^x without seeing X [TAP].