That's not the way it works. Apple don't MITM the browser connection to a website for the purpose of checking a website's safety.
Rather, iDevice will ask Apple to check the safety of the requested website on the user's behalf before a connection to the website is made. Apple will, in turn, make use of Google's API to do that check, without divulging the iDevice IP address to Google.
The result will be yay or nay, and that happens before a connection is subsequently opened to the requested website.
Nothing to MITM. They can't listen in on your session data with this mechanism.
Apple servers would, of course, have the *potential* to correlate an iDevice with websites that the iDevice visits, and log that information for years on end. You know, the kind of thing that Google does.
Apple has no interest in doing that. It's not their business model. You can bet your bottom dollar that the validation data is hashed, scrambled and disposed of so that it doesn't leak beyond the validation service itself.
And if your tinfoil hat is flapping in the wind, you can just turn the feature off in settings.
Personally, I would much rather that Apple perform safety checks on my behalf than have my iDevice ask Google to do it directly.