The most surprising thing about this is that anyone is surprised about it:

New Facebook privacy breach involves apps leaking user data

First rule of data privacy: the only way to keep private data private is to never put it into a computer in the first place.  (By the way, for the purposes of this rule, “computer” means anything that runs on electricity, be it a full-blown computer, a PDA or a cell phone.)