Saw a report today at CNET by Trend Micro that talks about how Facebook apps are being loaded that spread malware across their network. I would venture to say that anyone who allows applications to be uploaded into a modular architecture such as Facebook without a complete security review before deployment to users is asking for these issues to exist. I call upon Facebook to implement code review and code scanning technologies in their app submission process. It comes back to proper SDLC, like always.
The CNET article is here