Quoting Brian May (brian@microcomaustralia.com.au):
Some things look like they might be needed to support features. e.g. GPS for geo-tagging, network access, make phone calls, USB storage (this one is a can of worms), take photos, record audio. Creating accounts is fine too I think.
Apps need to declare all permissions that they might require, even if you never plan to use that feature. Obviously once an app has declared it requires a permission there is nothing stopping it from using that permission maliciously or to breach your privacy.
There there is "READ PHONE STATUS AND IDENTITY" which is often used for advertising. Has a bad reputation, although alternative solutions which don't require this permission may be even worse for privacy (or so I have read).
When I finally get around to seriously investigating CyanogenMod on smartphones, I'll first check whether they adopted the idea -- that I heard was making the rounds -- of enabling the user to promise Android apps all the rights they ask for but then selectively prune those rights any time after installation. According to my understanding, on standard Android, the app's installer asks 'Here's a bunch of permissions this app will need. Are you OK with that y/n?' If you say no, installer exits. No ability to say 'Sure, the app may have everything it asks except READ PHONE STATUS AND IDENTITY, and just go ahead and install it without that one right.' Ah, above was written just before I read...
Older versions of cyanogenmod supported disabling permissions so you can restrict what it can do if you don't like the requested permissions. Not in recent versions unfortunately. There might be alternative apps in the market to do this, haven't checked in ages.
Spineless developers {sigh}. This isn't the first time the CyanogenMod developers have shied away from greater user control. http://review.cyanogenmod.com/#change,5677