I’ve got a program that checks all outgoing connections from my software and I do see several programs that do “call home” when they are started. Some I allow and others I don’t.
However, in all the years of using Safari, I’ve never seen it want to “phone home” to Apple.
But, I have seen, when loading certain web pages, that certain of those web pages will trigger a connection on a certain port to a certain outside IP number. That has nothing to do with Apple and has to do with that particular web page that you’ve accessed.
And one other time, I kept seeing certain cookies showing up all the time, even though I never accessed those web pages. The cookie would keep reappearing, after being repeatedly deleted. It wasn’t Apple’s web site, but a completely different company. I finally found out that it has to do with some RSS link that I had in the bookmarks, that was causing it to go back to that web site all the time and reset the cookie. So, I deleted the bookmark and it never did it again.
So, there are a lot of things that can go on, other than Safari “phoning home” to Apple. It doesn’t do that.
Security through obscurity is one dimensional. Once the ROI of exploitation is outweighs the effort needed to exploit, you might as well lay back and enjoy it (that is IF you even know its happening). Most likely you won’t even know when you have been “picked”.
Yes, it's possible to forestall this sort of thing in Safari by using ZoneAlarm (or some similar program), but it requires denying Safari the right to connect, then removing it from the list of permitted programs and then re-allowing it to connect. Aggravating.