I see the points on both sides here. Is what is being sent an issue, from what I see, no.
However, the fact it is has at least breached one of my contractual agreements, and even being an Observium user for a long time, I wasn't aware of this either and I have read much of what is online docs wise. I haven't read the contents of all files as I shouldn't need to. At least if I get a security team RFI I can reply with knowledge vs finding out the hard way - now that I wouldn't have been happy with.
My view would be to put this into config.php and therefore a little more in your face. Default it to on, but its there and easy to turn off. One could argue that if its on and prompts during a discover run might be a nice touch too.
Several open source packages collect data for this reason but usually spit out that it is enabled, etc, etc.
If its over stated then there can never be any assumptions or questions raised over it. It sounds like online documentation of this has now, recently, been added.
Just my $0.02 on the topic.
The fact that I could read the PHP in question to see what it's doing is beside the point. Setting aside Adam's recent (in the last hour) ninja-edit of the FAQ to cover this topic, adding a phone-home function to Observium that isn't/wasn't advertised and (assuming you've discovered that Observium phones home in the first place) can't easily be opted out of is disingenuous and worrying.
Adam's dismissal of my legitimate question as trolling is pretty fucking disingenuous as well, given the nature of what we're talking about. Equally, the suggestion that I'm only asking about this since Adam published the usage stats page 'earlier' is pretty facile. If that page had existed when I discovered this behaviour, I wouldn't asking the question.
Finally, this phone-home feature is relatively new as far as I can tell and I don't recall an email to the list announcing it.
Ah well, Observium - it was nice while it lasted.
Dermot