
Facebook is currently rushing to fix a bug that spammers can use to harvest the names and photos of other members.
This is how the bug works:
When you log in to Facebook and enter the wrong password, a 'reenter your password' screen pops up with the user's full name and photo.
This feature is meant to help users tell whether they have mistyped their e-mail address, but it can be used by others to obtain otherwise vital information.
"A spammer with an e-mail list could write a script that enters the e-mail addresses into Facebook and then logs the real names. This could help make a phishing more realistic, said Atul Agarwal, the researcher who posted a note about the issue (along with a sample script that could harvest names) to the Full Disclosure mailing list on Tuesday."
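The disclosure described above, as an added example in Python that is not Facebook's code or the researcher's script: a login handler whose failed-password reply carries the account's name and photo, a hardened handler that returns one identical reply for every failure, and a regression check that tells the two apart. The account store, the field names and the choice to echo back only the e-mail address the visitor typed are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account store; every value here is hypothetical.
_SALT = os.urandom(16)
USERS = {
    "alice@example.com": {
        "name": "Alice Example",
        "photo": "/photos/1001.jpg",
        "salt": _SALT,
        "pw": _hash("correct horse", _SALT),
    }
}
# Dummy credential so unknown e-mails cost the same hashing work as known ones.
_DUMMY_SALT = os.urandom(16)
_DUMMY_PW = _hash("placeholder", _DUMMY_SALT)

def login_leaky(email: str, password: str) -> dict:
    """Behaviour the article describes: a wrong password echoes name and photo."""
    user = USERS.get(email)
    if user is None:
        return {"ok": False, "error": "unknown e-mail"}
    if hmac.compare_digest(_hash(password, user["salt"]), user["pw"]):
        return {"ok": True, "name": user["name"], "photo": user["photo"]}
    return {"ok": False, "error": "re-enter your password",
            "name": user["name"], "photo": user["photo"]}

def login_hardened(email: str, password: str) -> dict:
    """One reply for every failure; profile data only after authentication."""
    user = USERS.get(email)
    salt, stored = (user["salt"], user["pw"]) if user else (_DUMMY_SALT, _DUMMY_PW)
    match = hmac.compare_digest(_hash(password, salt), stored)
    if user and match:
        return {"ok": True, "name": user["name"], "photo": user["photo"]}
    # Echoing the typed address still lets a user spot a typo in it.
    return {"ok": False, "error": "incorrect e-mail or password",
            "echo_email": email}

def discloses_profile(login, known_email: str, unknown_email: str) -> bool:
    """Regression check: does a failed login reveal anything about the account?"""
    a = login(known_email, "wrong-password")
    b = login(unknown_email, "wrong-password")
    a.pop("echo_email", None)
    b.pop("echo_email", None)
    return a != b or "name" in a or "photo" in a
```

Running `discloses_profile` against a login endpoint in a test suite catches a reintroduction of the leak before release.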