Some things that have been found are borderline scary.
One fact uncovered is that credit card data used to make purchases on PSN is not encrypted separately, with Sony instead relying on the standard SSL. The problem being SSL is end-to-end encryption, and with so many users using custom firmware (that other people made) there's no guarantee the firmware a user has isn't copying the information and sending it elsewhere (as it's easy to sign your own SSL certificates). In addition many users with modded PS3 systems set alternate DNS servers in order to bypass some of Sony's firmware checks when allowing PSN access. These DNS servers could also be re-routing personal/finance information to places other than Sony's servers.
The documents provided mention more about what the PS3 communicates back to Sony, which includes info such as your television model, any attached USB devices, and your playtime habits.
Just Another Reason I Don't Trust Them