Frankly that's a pretty lopsided view of the issue, which seems to be skewed by who pays your daily living.

I couldn't care less about some automatic geolocation profiling as a means to "protect me", since the very same technology is often times used maliciously for selling my data, forcing advertising on me I don't want or forcing me to be outside some online services. Plus of course other even more malicious forms of evesdropping and ouright espionage. I don't have an issue using an added login verification, but I do take issue with being evesdropped e.g. on a public WLAN or using any Internet connection in a multitude of countries (we aren't only talking the PRC here now). And I didn't yet mention honey pot WLANs.

Suggesting/Advicing me to use a direct connection without an encrypted TCP/UDP tunnel, for the sake of "it's more safe for me" is - with all due respect, utter crap talk and not very recommendable in most scenarios, unless you're happy to expose your traffic. Yes, running HTTPS over a VPN doesn't per say provide added security for a large amount of persons, but you can e.g. revert your DNS queries then, use a strong cipher and also control a bit more fine-grained how the connection is setup. Overall you are indeed better protected then, assuming you've taken steps to have adequate protection for all your online facing user accounts, in which case the geolocation algobased protection is something for the less informed end-users.

As for FlyerTalk, I bypass the overly sensitive WAF as needed, when on a VPN, but it's making the service less practical to use.