They put backdoors on basically every phone in secret, threatened the guy who outed them with a lawsuit and are perfectly capable of snooping on everything, whether they do so or not.

What do you know about them that makes you trust them?

Nothing. There's just a likely innocent explanation for all three of those things:

1. CarrierIQ is a "secret" in the same sense as the network management software that Sprint uses that can also see all your SMS messages is a "secret": (a) nobody at Sprint thinks its relevant to you, and (b) nobody at Sprint thinks its any of your business. Which, if you take a breath, strictly speaking about the performance metrics they're collecting, it isn't your business.

2. CarrierIQ was dumb about threatening this guy like lots of other companies have been identically dumb. Companies have threatened to sue me. I remain cordial with the owners of some of those companies. Welcome to security research; we don't have jackets, but we sure get a lot of press.

Incidentally, put yourself in CarrierIQ's position and assume that this particular researcher is full of shit, meaning, no, CarrierIQ is not snooping on people's keystrokes. What would you do? There's a guy out there claiming that their performance agent is a "rootkit". They got pissed. Surprised?

3. Any piece of systems software the carrier agrees to stick on the phone is capable of snooping. Sprint itself could just backdoor their Android distro.

In their shoes, I would have contacted the researcher and explained myself. While unsurprising, that move was unwise, and I would imagine that you agree on that point at least.

I think someone once said that sufficiently advanced incompetence is indistinguishable from malice. Whether they're dumb or malicious, I'm just glad their crap isn't on my phone.

Even they seem to agree with it; rather than just shutting up about their C&D, they actually issued a formal apology to Trevor. That's an uncommon move.

I don't know whether some other shoe is about to drop; for instance, someone could actually show that they're transmitting real keycodes and not just metrics data. But in the absence of that shoe dropping, especially given how many people have jumped to a conclusion about CarrierIQ, I'm inclined to believe that what they do is actually benign. If you want to get upset at someone, get upset at the carriers themselves. When you do, remember, they're already recording all your messages without CarrierIQ.

Ok, now see, I missed that part about the apology somehow; I only knew that they dropped the lawsuit when lawyers stepped in. While there's no way I'd allow this crap on my phone, it does get them a little credit.