[dimino]

I didn't mean to sound like I'm "discounting" this, though I guess I "discount" everything that hasn't had a cycle of security focused QA, let alone zero QA at all.

I bet, with no information other than what's supplied, that this system is insecure. It's not really a knock on Zuckerberg, just a statement based on my experience. I am totally open to being wrong, I just think we know more than nothing about hobby projects and their propensity to consider security secondary, tertiary, or not at all.

Admittedly, this is Mark Zuckerberg, so who knows, it might have been meticulously coded to be perfect. The guy's a bit of an obsessive, based on what I've read, so I would also not be surprised to find it's tightly locked down and very high quality code. I don't the guy, just the general situation.