Why is such feature even enabled in a "secure" application is even better question. After all you may be dealing with compromised endpoints or evil maids - so showing your ___location is stupid.