Not a great deal of privacy problems, SSL content is excluded by default and you are just asking local peers if they have a binary matching a SHA hash.

The privacy leak might be that you are surfing the net when you should be working, however a firewall could give you that same amount of information anyway.