Ever since Apple release Safari 3.2 (yes, the one that broke Acid 2 on my PPC G5), it's been transmitting data to the Google Mothership where I've been gong:
192.168.1.257 - - [27/Nov/2008:20:51:37 +0000] "GET http://static.cache.l.google.com/safebrowsing/rd/goog-phish-s havar_s_31096-31100;31096-31100;: HTTP/1.1" 200 1232 192.168.1.257 - - [27/Nov/2008:20:51:37 +0000] "GET http://static.cache.l.google.com/safebrowsing/rd/goog-phish-s havar_s_31101-31120;31101;31102-31120: HTTP/1.1" 200 77 192.168.1.257 - - [27/Nov/2008:20:51:37 +0000] "GET http://static.cache.l.google.com/safebrowsing/rd/goog-phish-s havar_a_36306-36310;36306-36308;36309-36310: HTTP/1.1" 200 198
There wasn't anything in the update notes or a way of opting-in; it was all opt out and enabled by default. There's an argument that means sites that you aren't familiar with for unfamiliar users might be useful, but at least giving people the choice would be a sensible argument.
To disable sending tracking data, you can execute the following:
defaults write com.apple.Safari WarnAboutFraudulentWebsites -bool no
That has the same effect as disabling the option in the preferences window, but if you have a number of Macs that you look after you might want to execute that across the board.