I'd say ROFL if it weren't frightening. I can't bring myself to quote or paraphrase from the article more on the nature of the flaw, not until I know they've fixed it.
FB's implementation is such an unbelievably stupid approach for getting user feedback that it boggles the mind. You'd think by now they would have a handle on the basics of designing access rights into a social network. Those new CPOs (Chief Privacy Officers) are going to have a lot on their plates.