It makes sense that Zdziarski would garner so much attention. After all, he's the author of the upcoming book iPhone Forensics. However, John Gruber says that:
An informed source at Apple confirmed to me that the “clbl” in the URL stands for “Core Location Blacklist”, and that it does just that. It is not a blacklist for disabling apps completely, but rather specifically for preventing any listed apps from accessing Core Location — an API which, for obvious privacy reasons, is covered by very strict rules in the iPhone SDK guidelines.Aha, this makes sense, because even Zdziarski said that the URL was buried deep inside --- Core Location code. Since the Core Location API would allow an app to access GPS functionality, meaning a whole host of privacy concerns, Apple has placed obvious limitations on its use.
It also makes sense because as we know Apple has another way to deactivate "offending" apps --- revoking a developer's security certificate. Of course, that would disable a developer's entire library of apps.
Obviously, Apple didn't think people would go poking around in its code ... or maybe it did, but didn't think it would cause such a storm. Still, a little openness might have derailed the whole issue.
On the other hand, just because it's limited in use now, doesn't mean it can't be expanded in use later. More to come ... maybe.