The crux is this: Granting your friends access to your data does not mean your friends' apps should also have access to this data. Your permission should be required by apps, not your friends'.
Thank you. Hacker News works because adults make their points succinctly and without personal attacks. The exchange above this is the kind of "you don't understand" "no, you don't understand" time-wasting that killed Slashdot.
Hacker News is a big game of Chinese whispers where each step is a popularity contest over 24 hours. You would be hard-pressed to build a more efficient system for misinformation if you tried. While rational discussions should of course be encouraged, it isn't in itself rational to get one's information from Hacker News. The more damaging thing is of course that once your mind gets trained to whatever opinions are popular here, you will have a hard time seeing other arguments. The "you don't understand" "no, you don't understand" is arguably the point of Hacker News.
For the record, Tepix's point is supported by essentially anything published by any authority on the subject from the beginning of Facebook. As others, further down on the page, have pointed out, even the FTC complained about this in 2011:
'''Facebook represented that third-party apps that users installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data – data the apps didn't need. [...] Facebook told users they could restrict sharing of data to limited audiences – for example with "Friends Only." In fact, selecting "Friends Only" did not prevent their information from being shared with third-party applications their friends used.'''
They have access to your stuff, and they signed away access to the stuff that they have access to when they gave such and such app permissions. It's like if you loan your house key to a friend and they make copies of it and give it to all their friends. It's hardly the lock-maker's fault or the lock's.