The researchers said they compiled a list of roughly 6,500 users, including soldiers in volatile areas (such as Baghdad or the Korean DMZ), NSA workers and the CEO of a manufacturing firm. It's easy to understand the security risks based on that list -- terrorists could use this to attack or kidnap high-profile targets at their most vulnerable.

To its credit, Polar has already responded to the concerns. It temporarily suspended Flow's "explore" functionality and has been developing methods for keeping privacy under control, such as an option to clear your entire workout history at once.

Still, the findings suggest that the fitness tracking industry has yet to fully address the privacy concerns surrounding their devices. Companies like Polar and Strava have tended to focus on making fitness info widely accessible to foster their communities and drive sales, not on ensuring that people only reveal info to those they trust. Until there's a broader shift in attitudes, exercise mavens may want to double-check what they're sharing with social platforms and hold off if they're uncomfortable.