It does, in fact, keep the information out of whois. However, at least with GoDaddy, I was told by a friend (who it happened to) that all someone has to do is send a threatening letter to them and they immediately fold and give up the private info.

I believe that some other registrars require a subpoena or evidence of a legal action, but don't know which are which.