This is true for both "Include enrolled users" and "Anonymize user information" on the Initial settings step of backup.

Default moodle install. Add a course and a user. Put that user in as a Teacher (editing teacher) (user w/o the moodle/backup:userinfo or moodle/backup:anonymise capabilities, but with other backup capabilities).

As that user, go to the first backup page, "Include enrolled users" is properly Xed out, but "Anonymize user information" is not, even thought the user doesn't have that capability.

Now go into (as an admin) Settings->Course->Backup->General Backup Defaults, and change backup_general_users to No.
As the user, go back into the backup first page. Notice that "Include enrolled users" is now unchecked and clickable (and if you click it all the children that should shouldn't have are clickable too). If you click it and continue you will get an exception (hence why this is not a security flaw).

Basically:
Capability Yes and Default Yes = Checked and changeable
Capability Yes and Default No = Unchecked and changeable
Capability No and Default Yes = Xed out
Capability No and Default No = Unchecked and changeable (Should be Xed out)

The same logic flaw applies to both "Include enrolled users" (moodle/backup:userinfo) and "Anonymize user information" (moodle/backup:anonymise)

I've already tracked it down and have a proposed patch, which I'll add here as soon as I have a MDL number.