Sending a one-way hash of a hack phone-home URL only AFTER the hack was detected is far less disturbing than sending a ROT-13 list of recently used programs indiscriminately.
It isn't sending ROT13 encoded data anywhere (Well, it may, but the screenshots do not have any evidence of this), all the screenshots show is Origin reading registry entries that Windows stores about opened programs.
Here is some info on what the UserAssist keys are: http://www.aldeid.com/wiki/Windows-userassist-keys