At the Where 2.0 conference Alasdair Allan and Pete Warden announced they have found that the iPhone and iPad 3G is collecting and storing location information on the device. The collection of the data has been occuring since the release of iOS 4. The information does not appear to be transmitted from the phone, but it is being stored unencrypted and unprotected on the device, although the only way to access the data is via the PC where you back up your iPhone.
To protect the information on your PC, you can configure iTunes to encrypt your backups. Click on your device within iTunes and check Encrypt iPhone (or iPad) Backup under the Options area.
The location information being collected includes latitude and longitude, but it is not very precise suggesting the information is coming from cell towers rather than GPS. In fact, that means the latitude and longitude are most likely for the cell towers your phone connects to, so the association with the cellular network suggests the information could be collected to help troubleshoot communications issues.
In my opinion, the revelation that the iPhone is collecting this type of location information isn’t a surprise. What is a concern though is that the information is not being handled securely. I wouldn’t be surprised if in the near future the laws for how companies must handle non-public information for individuals is expanded to include information that associates a person with a location.