Alrighty... I think the problem is documentation of Airgroups is not what it should be. In part this is probably because things have changed a bit with new versions of ArubaOS and the Clearpass integrations however, turns out I've wasted literal days of my life try to diagnose problems that didn't exist. Here's what I've learned.
By default specifying a location of an AP name for an Airgroup server also makes that server available to clients on RF neighbours (neighbors for you US searchers) of that AP. This might be a well known behaviour but it isn't in the current AOS docs. If you have registered an Airgroup server in Clearpass Guest and specificed an AP name location, the same behaviour takes effect and you'll be able to discover that server when associated with the specified AP and any RF neighbour.
It isn't possible to prevent this from happening with the combination of ArubaOS 8.4/8.5 and CPPM 6.8 as far as I can tell. The Airgroup servers CLI output doesn't show anything in the hop column which, I think, means 1 hop rather than no hops.
The main reason this caused me such an incredible amount of head scratching was testing in dev environment where all the APs can see each other, at least on 2.4GHz.
I've setup some Airgroup servers using the controller policy, rather than CPPM, where it's possible to set the neighbour to "no" and then everything works just as expected.
It's also possible to select both AP-groups and AP-names as locations in Clearpass Guest. It appears one or the other works, trying both breaks the location restriction.