A few minutes ago, I sent a "Facebook private-message" to a friend/ex-dorm-mate of mine. She started a (one of many) Facebook group/event-thing centered around some of the issues raised by Facebook's latest, greatest, most controversial releases, and had asked me to shed some light on it. By the time I'd finished my reply, it had kind of mutated from a correspondence-type note into a small brain-dump of information that I feel should be out in the open. So, here's the meat of the thing, for your consumption...
My impression of the Facebook Development thing is that it is almost an attachment to the Facebook API (Application Protocol Interface, I believe it stands for). Basically, the API is the published interface to the Facebook website software that allows other software programs to interact with it, and the "Facebook Development Platform" is the API in combination with all the information that can be accessed through it.
The Terms of Service does outline what people should and shouldn't do with the Development Platform, but it is only a legal agreement. It does nothing to actually prevent people from doing bad stuff with it.
Bottom line: if someone's concerned about their privacy, they should uncheck the appropriate checkbox in the My Privacy > "Everyone" page. It makes their profile less useful to users of 3rd-party Facebook software, but I for one don't care about that at all.
Now, about the feeds and stuff (which is also a concern). Mark Zuckerberg (Facebook's owner/founder) wrote a good blog entry in response to the massive amount of feedback on this subject.
They obviously handled the release of these features badly. (Any nay-sayers on that don't have a leg to stand on. They're simply wrong.) He acknowledged it, took the proper steps to remedy the situation, and was even polite enough to let us know about it.
*Everyone* should take a moment to go through the My Privacy > "Feeds..." page. It lists very clearly what DOES and DOESN'T get published via the feeds, and allows you to configure exactly what is allowed to go out on the feed published by your account.
Finally, we all need to remember that ALL of Facebook is on the public Internet. It's something that almost nobody seems to think about, let alone understand. It doesn't matter how much "security" is built into the website itself. It is still hosted on publicly accessible machines that we have no real control over. Any and all information that we put on there should be considered completely public. It can go literally anywhere at literally any time. Who knows how many people have access to Facebook's backend databases? We have absolutely no control over where this information goes or how it is used. We can only trust that Zuckerberg & Co. actually do what they say they do, and that any future owners of Facebook can be similarly trusted. And this goes not only for Facebook, but also for every single website, web-service, and web-application anywhere.
Now, I don't want to sound like I'm completely bashing Facebook. I'm not. I actually somewhat like them. In fact, compared to, say, MySpace, it's pretty damn good. MySpace is an ugly, sketchy, bloated piece of crap. I admittedly have an account with them, but I refuse to use it for anything other than a location to point people to better places on the Internet.
Take note of the last quoted paragraph. It isn't meant to scare anyone, but if you cruise Teh IntarWebz and aren't at least aware of this, you're living in a clouded haze of faux comfort. Know where your information is going, what could happen to it, and act accordingly. It's as simple as that.