MacRumors.com

DaringFireball.net clarifies that the published blacklist url likely only blocks malicious apps from accessing the iPhone's Core Location functions. Core Location allows applications to detect the user's location through GPS and Wi-Fi triangulation.

An informed source at Apple confirmed to me that the “clbl” in the URL stands for “Core Location Blacklist”, and that it does just that. It is not a blacklist for disabling apps completely, but rather specifically for preventing any listed apps from accessing Core Location — an API which, for obvious privacy reasons, is covered by very strict rules in the iPhone SDK guidelines.

This being said, this doesn't change the fact that Apple has suggested they can disable Applications remotely:

Since each iPhone program will be digitally signed by its creator, this gives Apple the ability to “turn off the spigot,” as Steve Jobs put it, and revoke programs that don’t meet its standards.