It appears that Facebook's approach to security and privacy can be summed up in three words.
Ready, Fire, Aim.
As everyone seems to now know, Facebook made a bunch of changes to make their privacy settings more, uh ...granular in order to supposedly give users more control. But it seems that backfired and caused a huge uproar that mobilized both privacy and consumer advocates and politicians as well. It also opened up security breaches which further compromised the privacy of many of their users. What's clear is that Facebook didn't ask, they just went ahead and did it. And, for the most part, people hated the changes and Facebook is now rolling some of them back. But in the end, they chipped away a net gain of privacy concessions begrudgedly now accepted by their users.
But the real news should be that Facebook's process is broken. Their modus operandi (MO) is to roll out their changes without thinking them entirely through. This, of course, creates a certain amount of confusion among users while providing apparently ample opportunities for unscrupulous types to exploit the loopholes left behind by Facebook's poorly planned and badly executed changes.
So, it should come as no surprise that, during this past weekend holiday, their so-called Like button became the means by which hundreds of thousands of facebook users became infected with the Viral clickjacking 'Like' Worm. According to sophos.com the infected users fell for "a social-engineering trick which allowed a clickjacking worm to spread quickly."
Sophos further explains that "visiting users are tricked into "liking" a page without necessarily realizing they are recommending it to all of their Facebook friends."
To learn how to avoid being infected, or to find out if you have already been infected and what you can do about it, see the sophos.com article. In the meantime, perhaps you should be afraid to use Facebook... perhaps very afraid. Otherwise you risk becoming just one more piece of collateral damage as a result of their Ready, Fire, Aim way of doing things ...oops, sorry.