In terms of privacy, It all depends on the credentials you've purchased and registered the phone with, Inclusive of the carrier's susceptibility to SE'ing, thereby obtaining the rightful account holder's personal details.
As for exploitation, It's not only the phone Itself that's of concern, but also the overall usability of the end user. Security-wise, both work hand In hand.