I believe it is a concern. Here is an article that explains some of the issues:
http://www.zdnet.com/blog/burnette/c...cy-threat/1987
I am less concerned about the application accessing private data than I am with what the application will do with the data. For example, if the application has no way to send the data to another application or to send it out of the phone, then there is less risk.
My strong advice is to not put information on a computer that you *really* don't want others to have, or ensure that that computer does not have access to the Internet. The creativity of the crooks is really amazing.