Nine Reasons To Skip Firefox 2.0
This argument is unclear. One of the antiphishing modes uses a blacklist and the other submits URLs to Google. So it at worst is not both weak and privacy-violating at the same time. Going further, however, I would ask for a less vague argument about privacy. Switching on full antiphishing protection displays a warning notice to the user specifying exactly what sorts of data is sent where, and for what purpose. I hardly consider it a violation of privacy to allow people to explicitly choose to send their data somewhere else. (Of course, given that Google doesn't actually do anything with this data other than feed it into their anti-phishing database, I don't consider it a violation of privacy regardless, but we have options precisely because not all users will feel this way.)
The design doc I found on this was very unclear about what the capabilities are, but seems the provider list is extensible through prefs.js. Is that correct? If so, isn't this just a file-write away from being configured to make GET requests containing the full URLs you visit somewhere other than Google, without the user specifically going through the warning notice, or even knowing this is happening? Again, please correct me, but those things seem like client flaws to me... it doesn't really matter how Google handles the data if it's not going to Google, and full URLs shouldn't be going anywhere.