Thursday, February 9, 2012

Privacy and the Mobile App

It's not just the Islamofascist "republic" of Iran that's cracking others' security these days. It's your deliberately-downloaded applications. Path intentionally uploads to its developers' servers your entire address book, straight off your smartphone.

Note to Apple: make a preference that allows you to deny access to the Address Book on a per-application basis. You want your call-placing app to connect incoming numbers to names, and to allow you to see names so you don't have to remember numbers; and you want your map app to get addresses for names you ask about; but hardly anyone needs to view the ENTIRE address book entry (birthday, social, your notes that contain their entry PIN codes, etc.) for anyone in the address book. Ever.
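The per-application preference described above can be modeled as a broker that answers single lookups and returns only the fields the user granted. This is an added example, not code from the original post and not an Apple API; `ContactsBroker`, `Grant`, the app names and the sample contacts are all hypothetical.

```python
from dataclasses import dataclass

# Constructed sample address book; every value is invented for illustration.
ADDRESS_BOOK = [
    {"name": "Alice Example", "phone": "+1-555-0100", "address": "1 Main St",
     "birthday": "1970-01-01", "notes": "gate PIN 0000"},
    {"name": "Bob Example", "phone": "+1-555-0101", "address": "2 Oak Ave",
     "birthday": "1980-02-02", "notes": ""},
]

@dataclass(frozen=True)
class Grant:
    """What the user allowed one app to do (hypothetical policy model)."""
    lookup_keys: frozenset    # fields the app may search by
    return_fields: frozenset  # fields the app may receive back

class AccessDenied(Exception):
    pass

class ContactsBroker:
    """Sits between apps and the address book; it has no enumerate/export call."""
    def __init__(self, book, grants):
        self._book = book
        self._grants = grants
        self.audit = []  # (app, key, requested fields, decision)

    def lookup(self, app_id, key, value, wanted):
        grant = self._grants.get(app_id)  # no grant on file means default deny
        ok = (grant is not None and key in grant.lookup_keys
              and set(wanted) <= grant.return_fields)
        self.audit.append((app_id, key, tuple(wanted), "allow" if ok else "deny"))
        if not ok:
            raise AccessDenied(f"{app_id}: {key} -> {sorted(wanted)}")
        # Exact match only: an empty value cannot be used to walk the whole book.
        return [{f: c[f] for f in wanted}
                for c in self._book if value and c[key] == value]

# The dialer maps numbers to names; the map app gets addresses for names asked about.
GRANTS = {
    "dialer": Grant(frozenset({"phone", "name"}), frozenset({"name", "phone"})),
    "maps": Grant(frozenset({"name"}), frozenset({"name", "address"})),
}
BROKER = ContactsBroker(ADDRESS_BOOK, GRANTS)
```

An app with no grant, or one asking for `birthday` or `notes`, gets `AccessDenied` and leaves a `deny` row in `BROKER.audit`.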

And for users:
Any physician who keeps patient contact information in his or her Address Book will immediately hit the $1.5 million annual cap for civil monetary penalties at the moment of Path's upload, and possibly twice: once for unauthorized disclosure, and once again for failure to safeguard Protected Health Information. Every physician customer is at risk of personal bankruptcy.

This is not a joke. Data privacy is extremely serious in some industries.
