[tjogin]

I'd love to just take your word for it, but for the sake of the discussion, would you please expand a bit on what "CIA level" information you can retrieve using the Facebook API?

To begin with, what can you find out about a person after they've logged in with Facebook Connect, without explicitly asking for additional permissions?

[saytheobvious]

To start with: http://wiki.developers.facebook.com/index.php/User_(FQL)

If that isn't everything you need, you could use that information as foreign keys to other databases in other places, to easily fill in the blanks, if you wished to dampen the shade of your hat. As far as "CIA level", I'll admit that was sensationalist just for the sake of writing, but it is damn scary nonetheless.

[tjogin]

Right. But, if you are sensitive to privacy issues (which seems sound), you're not likely to have an exhaustively filled out Facebook profile either way.

So, if you have a sparingly filled out Facebook profile, what is the risk involved using Facebook Connect?

That API list kind of looks like a CIA-like dossier of information, I agree, but that's worth nothing if the values are mostly: "", drivel, some inside joke, or whatever.