Oh, yuck. The short version is that HTC has a high-privilege applet preinstalled on their phone that can access all sorts of sensitive data. It gives this info up to any other applet without any sort of security, acting as a backdoor around the normal Android security.