Take a look at this piece of the EULA agreement that was added after all the hype, complaining and lawsuit threats reached their peak. Basically it allows Blizzard to scan your computer and ...
"... COMMUNICATE INFORMATION BACK TO BLIZZARD, INCLUDING WITHOUT LIMITATION YOUR ACCOUNT NAME, DETAILS ABOUT THE UNAUTHORIZED THIRD PARTY PROGRAM DETECTED, AND THE TIME AND DATE THE UNAUTHORIZED THIRD PARTY PROGRAM WAS DETECTED; AND/OR (b) EXERCISE ANY OR ALL OF ITS RIGHTS UNDER THIS AGREEMENT, WITH OR WITHOUT PRIOR NOTICE TO THE USER ..."
In other words, the client can (and will) scan your entire computer looking for a program that seems "unauthorized," and reports back to Blizzard on what it finds. It is never stated whether the client considers your passwords, credit card numbers, web history or email addresses to be "unauthorized" so we're forced to assume that is does.
Although there is no "actual" evidence that Blizzard has done anything with our personal information, this is exactly the kind of thing people are pressing in courts to be considered illegal. Regardless of whether Blizzard is a "trustworthy" company, giving that sort of information-gathering power to a company is dangerous the moment an employee decides that he is underpaid and wants to make a few "changes" to the client that we are forced to keep on our computer.
Hiring a maid to clean your house, and catching her snooping around your family photos and financial information in that drawer you told her not to touch.