There's a difference...
We're all human, squaddies, journos, techno geeks, all of us.
So someone had a privacy zone set up for their home location when they signed up to Strava. Four months later, they sign up to the US Marines. They've forgotten about this privacy zone thing. They end up at Camp Pendleton. Given they (and everyone in Oceanside, California) know where Camp Pendleton is, and how... tightly controlled and 'safe' it is, it's not a Strava issue. So six months after that, they get deployed to Kandahar. Now we're getting into more... *ahem* problematic territory, but, again, they've forgotten that now they're deployed actively, they should update their privacy zones (and/or enable group activities that makes things 'safer'). So their Strava account continues to broadcast their locations.
So who is at fault here? The squaddie? Or perhaps should the Department of Defence work with people like Strava to define privacy zones inside Strava, and then auto-filter any routes that start/terminate or spend the majority inside that zone to be visible only to users that start/terminate spend the majority inside that zone etc? Ultimately, the data is Strada's USP, and if that's their business case, they could be a little bit more sensible with using it. This is again the classic 'just because you have the data doesn't mean you should use it' scenario.
Would options like 'Are you in the military' be useful (i.e. you select it and verify you *are* in the military), which automatically blanks you for bases? Granted, that doesn't resolve the 'I work as deep cover operator for the <insert alphabet trifecta here>' situation, but it just may lessen the impact this has. It does require someone like Strada to work more with different organisations, but would also place a big responsibility on them (like which organisations would trust someone like Strada with the locations of their most secret bases, especially when their enemies do the same)!