I'm not a massive fan of the PGP WOT. The way people sign each others keys and then push the signatures to the keyservers. It's kind of like publishing your contact list for everyone to see.
And I say this as somebody who uses PGP many times a day.
If you are concerned about leaking your associations via public key signatures, you could use (and request that your contacts use) local/non-exportable signatures. That way you will be able to keep track of your trusted keys locally, but your signatures (and the associated metadata about your contacts) cannot be exported, either directly or to a keyserver. You can do this with `gpg --lsign-key`. Enigmail also exposes this option in their GUI, as a checkbox in the "Sign Key" dialog.
Of course, this reduces the utility of the web of trust, but within the current design of PGP this tradeoff is inevitable.
If you meet up with people specifically to sign their keys, all one can confer from a signature is that you have met this person – not quite a contact list, IMHO.
And I say this as somebody who uses PGP many times a day.