Let's see.. SOCKS5, being an application layer proxy, simply takes an application layer payload from a client app (say MacBook Safari).. re-packages it into its own TCP/IP headers and sends it out to the Internet. Because SOCKS5 is an application layer proxy - individual apps must support it in order to communicate to the Internet. You can't just use any generic app with SOCKS5 proxy.
SOCKS5 client (your MacBook with Safari) never participates in any direct communications with Internet hosts, it only talks to the proxy host itself (iPhone in this case).
So what this means is the fact that you're accessing the Internet via 3rd-party device is made largely invisible by the proxy. I say "largely" because if AT&T wants to examine application layer headers (highly unlikely) - they can see your User Agent ID (aka Browser ID) as "desktop Safari" rather than iPhone's native "mobile Safari". If you're really paranoid, there are plug-ins that let you set your Browser ID to whatever you like, so you can spoof mobile-Safari ID on your Laptop.
Everything else (including your ESN) stays the same as if you were browsing the web directly from your iPhone. You're absolutely safe from AT&T, just as if you were using anonymizing proxies on the Internet.
Don't know if that was "concise" enough, but hopefully helps.. and don't listen to all the paranoia and fear mongering on this thread.