Facebook not secure shock

In case you hadn't realised yet that joining Facebook is not the best way to protect your identity, the BBC have kindly demonstrated that even if you restrict your profile to 'friends', swathes of that info may still go walkabouts if one of those 'friends' installs (note: not just if you install) a dodgy application.  What I think is particularly impressive about the Facebook security model is that they allow any old application to be runi, with no auditing, from any server on the Net.  But it should be OK, because their terms and conditions say that apps mustn't do anything naughty.