
It would be better if it didn't talk to their servers; adding more on increases the surface area and impact.

In this particular case with Safe Browsing APIs, there wasn't a 'surface area' in the way that you mean, to begin with. The article, and commenters, are incorrectly making it appear that way.




The Safe Browsing protocol does have a theoretical vulnerability whereby a malicious provider could create hash buckets on demand with the intent of guessing user URLs. This change would protect users from this theoretical risk. Also, it prevents Google from getting free info about user IP addresses and other info visible via a direct network connection.


I'm guessing this information is next to useless. All they get is an IP address, and all it signals is someone is using a device. It is highly unlikely this is a useful signal for anything given the fact that they're getting much better user IP data from practically dozens of other services people use.


> It would be better if it didn't talk to their servers

As long as you have a 'smart' phone, it will talk to servers. Messages, email, contact sync, online backups, tools to give you trace possibilities if your phone is stolen ... everything needs some kind of server. And if you use an iPhone, a lot of those will be located at Apple. If you use an Android phone, those servers will be located at Google (and possibly also at the hardware vendor, e.g. Samsung, etc.).

Aside from the whole 'company A can be trusted more than company B' thing, which is in my opinion a personal matter, this specific item where Apple will route the traffic to a 3rd party through Apple to hide the IP etc. of their customers is a good thing.



