Hashing phonenumber+userid does absolutely nothing for them, though.
The purpose of uploading your contacts is so that if Jack's phone number is (555) 555-5555, and Sam uploads a contact list saying that he is friends with a guy whose phone number is (555) 555-5555, Path can match up those two phone numbers (or hashed versions of them) and tell Sam that Jack is a member. That match-up doesn't work if the phone number is stored as (a hashed version of) 5555555555jack and 5555555555sam.
They could take the phone numbers, sort them and hash them together. So if Sam is 5 and Jack is 6, they both upload the hashed social relationship 56 to the system and it can match them up.
It wouldn't keep someone with access from checking if a social relationship existed in the database, but it should make recovering phone numbers and the like from the hashes quite a lot harder.
That only works though if you have both Jack & Sam's phone books (and they have each other in their books) so the hit rate would go down, possibly significantly.
If they are going to hash the data, they should salt it (and possibly use key strengthening a la bcrypt, etc).