I am not surprised at this at all... I am sure facebook has many other security flaws. I remember back in '07-'08; I myself must have stumbled upon at least 2-3 flaws by accident. You could literally see a persons entire private album because one of your friends or whoever was tagged in a picture in that album. This is now fixed but I remember running into something similar to this at least 3-4 times.
Moral of the story
1. FB is facebook and don't post anything on it you would not want anyone else to see.
2. If you don't want someone to see your facebook info / pictures; DO NOT FRIEND THEM, they are not your friends, I have no idea why so many people have such a tough time understanding this.
2jZ + RB26 + 4G63 + LS9 + N54 =