This post is a quick reminder of common sense that should apply to every application. Whether it is a Facebook application, a Twitter application, or an application connected to other services through web services, you should never expose sensitive data. I mention this because of my previous post, which shows how to connect Facebook to a CakePHP application. Even though that post follows the basic ideas and examples from the Facebook SDKs, that does not mean this common sense can be disregarded.
An excerpt from the Facebook Developers blog, located at:
http://developers.facebook.com/blog/post/418
Our policy is very clear about protecting user data, ensuring that no one can access private user information without explicit user consent. Further, developers cannot disclose user information to ad networks and data brokers. We take strong measures to enforce this policy, including suspending and disabling applications that violate it.
Recently, it has come to our attention that several applications built on Facebook Platform were passing the User ID (UID), an identifier that we use within our APIs, in a manner that violated this policy. In most cases, developers did not intend to pass this information, but did so because of the technical details of how browsers work.
It is important that when you develop a Facebook application, you adhere to the policies. The "technical details of how browsers work" in the excerpt above is the HTTP Referer header: when a user clicks a link, the browser sends the address of the page they came from to the destination, so a UID placed in a page URL (path or query string) travels to every site the user clicks through to, including ad networks. Keep the UID, and anything else that identifies a user, out of URLs and in server-side session state instead. Remember to take a common sense approach, and make sure you do not violate any security policies.
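To make the leak concrete, here is an added example (not code from the original post, the CakePHP application it refers to, or the Facebook SDK) that simulates what a browser puts in the Referer header under each Referrer-Policy value and flags outbound links that would carry a UID off-site. The page URLs, links and UID are constructed for the demonstration; the policy rules follow the W3C Referrer Policy definitions. It goes beyond the excerpt in one way: it covers all eight policy values, not just the browser default.

```python
"""Simulate the HTTP Referer a browser sends and flag links that leak a UID.

Added example, not code from the original post or the Facebook SDK.
Policy rules follow the W3C Referrer Policy values; page URLs, links
and the UID below are constructed for the demonstration.
"""
from urllib.parse import urlsplit, urlunsplit

POLICIES = (
    "no-referrer", "no-referrer-when-downgrade", "origin", "same-origin",
    "strict-origin", "origin-when-cross-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
)


def _host(parts):
    # Referer never carries credentials: drop anything before '@'.
    return parts.netloc.rsplit("@", 1)[-1]


def _same_origin(a, b):
    pa, pb = urlsplit(a), urlsplit(b)
    return (pa.scheme, _host(pa)) == (pb.scheme, _host(pb))


def _full(url):
    # Full referrer: scheme, host, path and query. The fragment is always dropped.
    p = urlsplit(url)
    return urlunsplit((p.scheme, _host(p), p.path, p.query, ""))


def _origin(url):
    p = urlsplit(url)
    return f"{p.scheme}://{_host(p)}/"


def referer_for(page_url, link_url, policy="strict-origin-when-cross-origin"):
    """Return the Referer value sent when following link_url from page_url
    under the given Referrer-Policy, or None when nothing is sent."""
    same = _same_origin(page_url, link_url)
    downgrade = urlsplit(page_url).scheme == "https" and urlsplit(link_url).scheme == "http"
    full, origin = _full(page_url), _origin(page_url)
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "origin":
        return origin
    if policy == "same-origin":
        return full if same else None
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "origin-when-cross-origin":
        return full if same else origin
    if policy == "strict-origin-when-cross-origin":
        if same:
            return full
        return None if downgrade else origin
    raise ValueError(f"unknown referrer policy: {policy}")


def leaking_links(page_url, links, uid, policy="strict-origin-when-cross-origin"):
    """Return [(link, referer)] for cross-origin links whose Referer would
    carry uid. Same-origin links are skipped: that Referer comes back to you."""
    found = []
    for link in links:
        if _same_origin(page_url, link):
            continue
        ref = referer_for(page_url, link, policy)
        if ref is not None and uid in ref:
            found.append((link, ref))
    return found


# Constructed sample: an app page that (wrongly) puts the UID in its URL,
# the same page done right, and three links a user might click from it.
UID = "1234567890"
PAGE_WITH_UID = f"https://apps.example.com/canvas/profile.php?uid={UID}"
PAGE_WITHOUT_UID = "https://apps.example.com/canvas/profile.php"
LINKS = [
    "https://apps.example.com/canvas/friends.php",   # same origin
    "http://ads.example.net/click?c=42",             # cross-origin, https -> http
    "https://partner.example.org/landing",           # cross-origin, no downgrade
]

if __name__ == "__main__":
    for policy in POLICIES:
        leaks = leaking_links(PAGE_WITH_UID, LINKS, UID, policy)
        print(f"{policy:32s} leaks UID to: {[link for link, _ in leaks]}")
```

Under the older browser default, no-referrer-when-downgrade, the https partner link receives the full page URL with the UID; under the current default, strict-origin-when-cross-origin, it only receives the origin. Neither policy helps if the UID is in the URL and a same-origin page embeds a third-party script, so the real fix is the one stated above: keep the identifier out of the URL altogether.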