I use Pdroid in conjunction with several other apps which gives me a pretty good idea of what is sending data from my phone. Any app I don't think needs to communicate with the internet for functionality, I block with the firewall and use the log to do discovery on any blocked packets. I have caught several apps (market, no less) attempting to send packets to bogus http sites (most likely keystroke captures) and also to group ad sites that presumably disburse to the developers by the visit.
Any app I feel does need internet access, I pair Pdroid with Shark for root and Shark Reader, and use a winnowing process to analyse any suspect traffic.
I have found very few market apps that are involved with much more than unethical ad traffic, which while irritating and scummy, is a little less than dangerous. I just believe in stymying the efforts of unscrupulous developers ad publicizing any results I find. Last week I found that the trending market app Cartoon Wars was using its permissions to register users info with KRNIC, which is the National Internet Registry of south Korea. I, personally, like to know when my info is being sold to foreign intelligence commissions, info related to permissions as varied as network location and imei(good luck on the nook, right?) to incoming phone numbers (HA!)
I use Pdroid to compromise the integrity of the data should anything fall through the cracks. The more unnecessary permissions I find, the more attention I pay. Good developers explain theirir permissions, and avoid asking for unnecessary ones. I should feel comfortable buying cables on amazon, and Pdroid helps me get there.