I always advise anyone with an iphone just to throw the shit in the trash and use anything else. But it you use the iphone, here is yet another security breech:
I did a post a while ago on my own phone (a Blackberry, i.e. a secure device) that was spewing out requests over the wifi, basically finking me out as a coffee drinker and person that doesn't frequent five star hotels. [I ran kismet and saw the probes.] If the hotel is a one of a kind place, then the wifi could reveal where you have been, but there is no time associated with this. In a blackberry, you can turn off this quick connect scheme on a per AP basis, so I only leave the house and coffee shops enabled permanently. Of course if your SSID is unique, that can be tracked back potentially with the google mac database.
I've been tempted to change my MAC addresses just to piss off skyhook and google, but I don't know if anything bad happens if you change them. I wouldn't want to shoot myself in the foot just to mess with google.