We have never combined data from these checks with information
about Apple users or their devices. We do not use data from these
checks to learn what individual users are launching or running on
their devices. These security checks have never included the
user’s Apple ID or the identity of their device. To further
protect privacy, we have stopped logging IP addresses associated
with Developer ID certificate checks, and we will ensure that any
collected IP addresses are removed from logs.
In addition, over the the next year we will introduce several
changes to our security checks:
A new encrypted protocol for Developer ID certificate revocation
Strong protections against server failure
A new preference for users to opt out of these security
They posted this update over the weekend.