In an interesting NamePros thread the CEO of NameCheap states they do not sell any customer search data, and thus any leaks would have to be coming from ‘upstream’ ie. Verisign.
Richard Kirkendall states "There are rumors that this information is being obtained at and sold directly at the verisign registry which bypasses all and any registrars." This rings true when reputable companies such as Fabulous have recently started to see their name appear in accusations of data logging.
If Kikendall’s hints are to be believed it does seem that there is no way to look up a .com domain without someone somewhere snooping on it.
Also - Apologies in the lack of updates in the last week or so, this is just a blip!