We consider the problem of a client querying an encrypted tree structure, outsourced to an untrusted server. While the server must not learn the contents of the binary tree, we also prevent the client from maliciously crafting a query that traverses the tree out-of-order. That is, the client should not be able to retrieve nodes outside one contiguous path from the root to a leaf. Finally, the server should not learn which path the client accesses, but is guaranteed that the access corresponds to one valid path in the tree. To this end, we initiate the study of Iterative Oblivious Pseudorandom Functions (iOPRFs), new primitives providing malicious security for these applications. We present an efficient iOPRF construction secure against malicious clients and servers in the standard model. We demonstrate that iOPRFs are useful to implement different interesting applications, including an RFID authentication protocol and a protocol for the evaluation of outsourced decision trees.