So you're ok with all of your address book information being uploaded to 3rd party vendors then? Because you're only addressing the Google issue when I clearly brought up two similar issues.
Personally - I would rather someone know what websites I've been to than all my my friends, family and business associates contact information, notes, birthdays, etc that are in my contact database. But hey - that's just me.
Personally - I'd prefer neither exist. But if I HAD to choose one problem - it would be website tracking over contact exploits.
You're confusing a security hole in a company's product that needs to be patched with some dirty shady company actually going around finding and exploiting security holes.
For example, Microsoft Windows for a long time has been called out for having security holes. Many people get on Microsoft to fix those holes and they eventually do. And nothing is ever completely without security holes. However, the real ire is directed at the dirty, sleazy, malware, trojan, and virus outfits that actually exploit the security holes that they find.
In this situation, Google inexplicably chose to put themselves in the situation of being on the level of a dirty, sleazy company that exploits security holes that they find. There is absolutely no excuse for that from a major company.
Having a security hole that you need to fix is one thing.
Actively going around and exploiting security holes is something entirely different.
The only thing similar to this I have ever seen from a major company on this level is the infamous rootkit scandal involving Sony's CDs back in 2005.
This is absolutely disgraceful.