I sympathise, but I note that that wasn't the first thing foursquare did, and they've made a very popular service out of it, whereas you (I assume) and I have not.
When we don't have the resources to do absolutely everything perfectly, how do we decide what to spend our time on, to what standard - and what to let slide?
Any such spoofing protection is of course not real security, as you could still extract the key from the app, or intercept the GPS API calls and feed them false information. So this isn't "having to brute force RSA or AES" level security, just making it slightly harder.
Still, it could be relevant:
It's not quite clear to me what Foursquare's business model is, but if location owners are handing over cash in return for checkins (i.e. new customers or increased repeat business) either indirectly or directly, then as such a customer of Foursquare you'd probably want the system to be less easily gamed - which is the reason I was surprised.
EDIT: the comment by a Foursquare employee blows that theory out of the water - the locations aren't paying them as far as I can tell, and are providing incentives for users on their own accord.
I was referring to time spent on implementation details, not designing a product. In my book, good programming practices and having a popular service are not mutually exclusive.
When we don't have the resources to do absolutely everything perfectly, how do we decide what to spend our time on, to what standard - and what to let slide?