If "Show security notifications" is enabled in security settings then they'd get caught, so I don't think Facebook is going to start doing that. The address book and metadata they have access to are more useful to them anyway.
except for all the false positives. every time someone gets a new phone in a group chat, someone has to ask "did you change your phone or is someone snooping at you", which creeps them out, because it's off by default, and so we ask less and ignore it, "probably changed their phone".
it's terrible ux for security, it could have been much more transparent and actually encouraging proper security behaviour.