All as bad
There is a huge problem here of hysteria and double standards. Every AV product uploads some form of information so that it is possible for the AV companies to understand the threats they are dealing with. Stop information upload and the whole threat response becomes far worse. Yes, Kaspersky should maybe have been more open but all AV products do this.
What really annoys me most is this singling out of Kaspersky in this way. No one except Kaspserky themselves really know, but my assumption is that there will do everything possible to secure that information, as should any other AV company. It is not in their interests to splatter that information to anyone. It is what their intellectual property is derived from, it is commercially sensitive and of great value to competitors.
Kaspersky are not more are risk, and probably are at less risk than the many US (or elsewhere) based outfits that will have no option be to roll over when requested by the NSA. The NSA (and many other US "intelligence outfits) are the biggest group of hypocrites there are and will be doing everything possible to spy on everyone and everything, friend of foe in the name of the "War Against Terror". Given the NSA's abysmal record of securing their own data, frankly I have less trust in uploading metadata to a US company than Kaspersky.
And as for the comment earlier "use Linux instead of Windows", exactly how does that help in this situation? All operating systems are vulnerable and should be managed/protected appropriately. Windows has the greatest use case where it interacts with users and therefore is the most targeted. If Linux, iLO or some other OS had ended up on the desktop, it equally would be the most popular target.
If you chose to run an OS with no protection then you are an idiot and smugly stating that it is a Windows issue is even worse.