Phishing Protection prevents the Search Appliance from being used as a tool
in a phishing attack.
The Search Appliance has a redirect page as part of its Query Logging
functionality, where it will provide a redirect to the URL specified.
It would be possible for an attacker to specify a URL that, at first
glance, looks like a link from the Search Appliance, which the user may
trust. After the redirect, it actually ends up somewhere else.
If Phishing Protection is enabled, the redirect page will make sure
that any URL specified is actually in the profile's walk database
before issuing the redirect to it.