Agreed, although I'm not sure how much to trust every cooked rom out there either, but I usually (on a smart phone.. not blackberry since noone seems to care enough to try and write an OS for it) reflash mine with custom firmware. Usually just for fun but it also can get some nicer features or if it's fast enough load the next version of the OS despite the manufacturer not making it available for your phone model.
However I have no idea of course what's included in the modified versions, so it's quite possibly there too but at least it's usually rooted so you could go hunting for it.
It's strange though, I mean certainly plausible and probable that the company does have that stupid software and perhaps it IS keylogging, etc but I'm curious what evidence there is that it's actively sending the data and what controls are in place for the storage of the data. It's quite possible that the software is there as a debugging tool and only active in a live logging environment. Not that I trust phone companies not to do that, and I'm sure there is and has been some US laws designed to require that ability that are probably at stake here. I think both iOS AND Android were caught for their tagging pictures with GPS coordinates, plus plenty of other exploits out there (but most require the user to install them so mostly trojan malware).
Unfortunately while phones are getting much cooler and more useful like a computer, in come the reality and security checks required for all these folks always walking around with a functional computer doing computer things on their hips.