more like a genuinely useful app, which secretly scans the user's directory periodically (ideally, it could do this when the screensaver kicks in, so the user doesn't notice) for useful keywords (password, credit card, social security number, etc.), encodes the data so it's not easily readable, and sends it as part of a 'check for version updates' request, so even if the user has Little Snitch installed, it looks innocuous.
So yes, smart users avoid warez sites and cracked software; but a more subtle attack like the above would catch out even a lot of wary, experienced users. I've installed a lot of 3rd-party software: Perian, VLC, MediaLink, Rivet, Flip4Mac, etc. How do I KNOW none of them is doing anything malicious, without reading through - and understanding - every line of code?
That's why I'm worried when people say "I'm smart, so I'm safe". A lot of people seem to believe they're immune from such an attack, without anything there to protect them.