Couldn't a malicious master node compromise the identity of the sender?
Yes he could. That's why the dis-incentive to own a large number of masternodes for this purpose. That's also why anonymity upgrades are programmed for RC4.
As far as I remember from the technical discussions back in March, there is the possibility of doing "blind signatures" in which case the node doesn't know what is happening. However that model is problematic to implement due to DOS attacks and misbehavior that halts the transaction and everyone is left waiting forever. So non-blind signatures were implemented instead and, from what I understand, Evan has thought of a way to make non-blind signatures work in a more anonymous way (?). We'll have to wait out till RC4 to find out what's on the cards.
Is there an easy way to always connect to a "trusted" master node to relay your transactions? Is anyone out there helping to get some trustworthy master nodes established?
It doesn't go like this, as the masternode is chosen at random (or pseudo-randomly, I'm not sure). I think if the node was known in advance or selected, it would be problematic in other aspects. For example, if you selected node 240 for mixing and I selected node 321 for mixing, how would we mix our coins? So there has to be a way where everyone is using the same node for mixing in the same round.
An alternative to obfuscating the money flow to bypass the problem of the bad actor is to DarkSend the money multiple times. So if 10% of the network has bad actors, if you darksend money two times, it goes 10% x 10% = 1% chance... if you darksend them 3 times it goes 10x10x10 = 0.1% chance of the bad actor knowing the money flow from start to finish.
