Well, this traffic is sent after link establishment, so at least in a WPA network, it's already encrypted (hopefully it doesn't do the same in unencrypted networks). Still, any member of the network could sniff the MACs of the last few APs the device was connected to, which as you said, it's a security/privacy leak.