Well, this is unsettling. Apparently, ever since this summer's iOS 4 release, iPhones have been quietly tracking your location at all times, logging that info in an unencrypted file that anyone can access. Yikes.
The privacy issue was discovered by two security researchers, Alasdair Allan and Pete Warden, who worked for Apple years ago on desktop visualization software (though not on anything related to the iPhone). The location info is easy to access, both on your phone (or iPad) or on any computer that you've synced it to. The location info appears to rely on tower triangulation rather than GPS data, meaning it locates you even if you have location services switched off.
Curious what your tracking data looks like? You can download the program that opens up the info and sticks it on a Google Map, showing exactly where you've gone since June. It is scarily accurate.
The team has assembled a pretty comprehensive FAQ going over the how and why, but the answer to "what's so bad about this" is probably the most telling:
The most immediate problem is that this data is stored in an easily-readable form on your machine. Any other program you run or user with access to your machine can look through it.
The more fundamental problem is that Apple are collecting this information at all. Cell-phone providers collect similar data almost inevitably as part of their operations, but it's kept behind their firewall. It normally requires a court order to gain access to it, whereas this is available to anyone who can get their hands on your phone or computer.
This is definitely not good. You can expect a response from Apple pretty soon about this one.