Nobody gets outraged over privacy that's too tight — they just don't use the service. You could say that Google's longstanding reluctance to embrace social was an example of too much privacy. (I don't think that was the primary motivation, but it would look the same either way.)

Yes, but nobody knows about it.

Is that a "misstep," then? It seems to me that the logic of a too-tight misstep would be that the information simply does not get out. What would be the reason for FB (or whoever) to notice that too little of my information is getting out? I suppose the "misstep" is in the eye of the beholder. :)