In the meantime, remember these things:
1) We do not pull data from your contact list before notifying you. There is now a notification in-game when this is done. And it is only done on the community page by YOU pressing the submit button.
2) We never store your contact list on our web server.
3) All data sent over the wire is now completely encrypted.
4) No contact data is saved on your phone's hard drive anymore. This has been removed.

Sounds good to us. [Aurora Feint]

According to their forums, if you opt-in to the community feature, Aurora Feint looks through your contact list, sends it unencrypted to their servers, and matches you up with your friends who are currently playing right now. Great feature, for sure, but that whole looking through our contact list and sending it in plain text to your server is cause for us to go OMGWTFBBQ.

When we discovered that the Apple SDK allowed us to look through your contact list we thought it would be a great idea to automatically show you which friends are playing the game. Why automatically? Well, everyone always complains about the keyboard on the iPhone and how annoying it is to type on it. So we thought, "Hey, why don't we make this feature REALLY easy to use – no typing!" And such, the community feature was born. Some people have said that it would have been ok if we had a better notice explaining what was going on. I agree! We weren't trying to be sneaky about how this worked. It was just overlooked. No one we showed it to even asked a question about it – nor did we. It just simply never came up as a potential issue when we beta tested the game with early users.

Upside is, if you didn't use the community feature, you're OK.

In the 1.0 version of the game we just didn't get around to doing everything we wanted to do in time for the launch: remember we tried to do a high quality game in 10 weeks flat. So, if you opt-in to the community feature, when you refresh your friends, the data is sent unencrypted to our web servers. Before you freak out though, let me explain why this was done. We just thought that it was a cool feature and that we'd implement security stuff if we became popular. To that end, the web server we launched with was a teeny box with almost no power. We spent the first few days scrambling to scale our servers. We really had no idea how popular we were going to be. We added this feature in near the end of our development cycle and simply decided that we didn't have enough time to spend to make it secure in advance of knowing if it was even going to be a hit.

Good intentions by slightly amateur programmers. It's alright. No malice intended. They're actually asking the community as to how they should proceed, and you should go tell them.

It's also a credit to Apple for finding out the mistake and shutting it down. Even though the line about having all apps be vetted through the store in the first place was to make sure all of them are safe, some stuff like this still slipped through because it's pretty much unfeasible to test each application to make sure they're not sending out your private data. Apps and app updates are already delayed for a week or more because Apple's checking them out. [Thanks mjborch1]

The points are used on blueprints and magicbooks, just timed versions of the mining game. They are supposed to enhance your power, but so far I haven't noticed any difference. Still, the game is fun and I'm hooked.

As the name implies, the makers claim this is is just the beginning of a complete iPhone MMO, and I'm looking forward to what games and interactive features will be added next. [App Marathon]