John Gruber asks a pertinent question, then offers a plausible explanation:
The big question of course, is why Apple is storing this information. I don’t have a definitive answer, but my little-birdie-informed understanding is that consolidated.db acts as a cache for location data, and that historical data should be getting culled but isn’t, either due to a bug or, more likely, an oversight. I.e. someone wrote the code to cache location data but never wrote code to cull non-recent entries from the cache, so that a database that’s meant to serve as a cache of your recent location data is instead a persistent log of your location history. I’d wager this gets fixed in the next iOS update.
Surprisingly, he also contributes to the alarmism:
It’s worse than that, though, because even if you are encrypting your backups, it’s also available to anyone who has physical access to your iPhone.
That’s only true if you haven’t enabled Passcode Lock on your iPhone. If someone has physical access to your computer and/or your iPhone—and neither of them are password-protected—then that someone has access to everything on them. If you’re really worried about your approximate whereabouts being discovered, then secure your computer and your iPhone. That’s just common sense. Moreover, if you lose your unsecured iPhone, you can set a passcode lock or wipe all your data remotely via Find My iPhone.
Andy Ihnatko can’t decide whether this is troubling or dismissible:
But still! What a nervous can of worms. This is an open, unlocked file in a known location in a standard database format that anybody can read. If someone has physical access to your Mac — or remote access to your user account — it’s a simple matter of copying a file and opening it.
This comes right after he writes this:
It’s pretty much a non-issue if you’ve clicked the “Encrypt iPhone Backup” option in iTunes. Even with physical access to your desktop, a no-goodnik wouldn’t be able to access the logfile.