While last week's suggestion that Yahoo was switching browser preferences without explicit permission, was a black mark for the company, it doesn't come close to the allegations that Google has revealed confidential information about its users.
TechCrunch is reporting that Google's anti-phising blacklist contained confidential usernames and passwords of individuals, including logins for bank accounts etc.
Google has not publicly discussed the error, although they quietly removed the offending data. They have, however, acknowledged it in email correspondence with Finjan, which was forwarded to me. Google has since removed the confidential data.