I get that (I'm a programmer) but what I don't get is how regularly this mishap occurs to Apple and how they never seem to see it coming, especially as their entire PR machine is directed at privacy and transparency. At best it shows an incompetent process.
No real answer for you there. Though, honestly, it may just be selection bias. Apple's a lot bigger and under a lot more scrutiny than most other companies, so things that would skate by unnoticed elsewhere get noticed in Apple's case - *especially* because their PR is so about privacy, so in that area they're even more under a microscope.
Or they just could be really bad at catching these things, a systemic problem and it's getting reported more often now ?♂️. Hard to tell without more data
So why can't that 2nd list be stored locally on the iPhone?
Probably the same reason your phone doesnt cache the entire DNS structure of the web: they're big lists and they change