It seems difficult for something like that to accidentally happen, seeing as background location tracking requires explicit permission requested through APIs provided by the OS.
I wonder if the fear is that you might end up having less than ethical (rogue?) employees that might think they're helping the company by using some form of workaround to track users. I'm not sure if that's overly paranoid or just the right amount of paranoia, but I can imagine the fear.
