You have to give it permission to phone home, or you have to call it in to the Windows Activation 800 number. But if you don't do one or the other you won't be able to download updates from Windows Update and it will turn itself off eventually (well, Vista will turn itself off -- I don't know about XP). You can re-use serial numbers (for instance if you scrap a computer and want to install your copy of the OS on a new machine) but you have to call in to get a code to do that.
I can think of at least four cases in which software running on Windows will send data back to Microsoft: Windows Genuine Advantage (serial number validation), Windows Update (software hotfixes / security patches), SQM (software quality metrics -- that's the little checkbox you see at install, "help us improve the quality of our software by sending usage data back to Microsoft"), and software crashes (not just Microsoft software -- MS will collect crash data for 3rd-parties for free). In the last three cases you definitely must opt-in; it is not on by default, although the OS will ask you to turn it on.
For WGA it may automatically phone home after a certain time-out period (measured in weeks), but you can tell it not to. You will get annoying messages like "15 days left before auto-activation", from which you can disable activation.
I work on the same floor as the guys who develop WGA. They have tons of budget -- glossy large-format graphics up everywhere; massive headcount; constantly occupying all the good conference rooms. They all think my product (high-performance computing) is sexy, but I have the strong suspicion that our entire department will get the axe before one hair on the head of a WGA team member is harmed...
-- "The more I practice, the luckier I get." -- Ben Hogan