Found this rather interesting --->
Vincent wrote on August 1, 2010 Via
Hackers Release Data-Stealing Program to Push Google to Plug Holes at Security Conference | Android Phone Fans
thatís assuming your phone has been rooted by the standard means and has had the root-privileges-protecting Superuser.apk (and the custom su binary) installed. Otherwise if your phone isnít rooted this app presumably does it for you and then happily abuses the privileges. So having a rooted phone probably serves to *protect* you against this more than anything.
So looks like we need to be more carefull than ever