Boing Boing reported today on a new "feature" of iTunes 6.0.2 that sends the song you are listening to to a third-party marketing company without your consent or knowledge. This appears to only occur when the new Mini-Store pane is showing.
Reading the Boing Boing post gave me a couple of other ideas about potential privacy issues related to iTunes listening, one of which was the simple observation that iTunes is a specialized browser but it doesn't include even the basic security & privacy features of Safari (e.g., cookie editing).
A very quick Google search didn't come up with any corroboration of my other hunch, so I thought I'd verify using tcpflow to monitor my network traffic. Anyway, it turns out that if you are using the "Current iTunes Track" status in iChat, the song you are listening to is also broadcast to AOL servers. Not surprising in itself, but the song is not just as a simple text string, but rather a full URL in the form itms://itunes.com...
This is needed so that when your song shows up in someone else's buddy list, it contains a link to the iTunes Music Store. But, is it stored or used for anything else? OK, perhaps not quite as scary as the Mini-Store data, but then again, we don't yet really know.
Update: ars technica has also posted an article on the new Mini-Store marketing "feature".
UPDATE: Apple was quick to fix the Mini-Store issue, kudos to them! The Mini Store is now off by default, and a concise warning appears when it is turned on.