A valid concern, indeed. However, that’s not the only thing that should concern everyone: how does a browser check to see if a website is “malicious” or not? Does the browser submit a list of EVERY URL the user visits? Does Google keep this data forever? If the browser just downloads and saves a local copy of a list of “bad” websites, and checks against a said local copy of said list, that’s not really a threat to privacy. But, if the browser queries Google’s servers everytime someone types a URL or clicks a link, that is completely horrible.