It's not just phone numbers, though. It could be private messages, friends-only posts, IP address logs, physical addresses, SSNs--the list goes on. You'll quickly find that anything non-trivial will start collecting data users wouldn't want public.
Services like social networks don't need to store physical addresses, SSNs, phone numbers, etc. Therefore, that data should be looked at like a liability rather than an asset. It shouldn't be collected in the first place.
Data like private messages, friends-only posts, etc are needed for the features they want to provide, and they should only provide those features if they can protect that data.