Leaking photos by publishing fbcdn links is worse for attackers on every axis than simply stealing and reposting the photo:
* The leaker and the viewers are more traceable, since they're hitting Facebook's servers
* Facebook can cut off access to the photos by reassigning the IDs
* To get the actual link, you have to dig into the Facebook page source; to get the photo, you just have to right-click on it.
This is a stupid, silly threat to worry about. Unless you find a way to predict fbcdn URLs, there's nothing overtly wrong with what Facebook is doing. Plenty of sites rely on the same technique to protect significantly more sensitive information.
You're talking about a leak while the photo is actively posted. I think that's obvious to users. It's less obvious that users can change privacy settings or delete the photo, and yet it's still accessible.
The interface says access is now (going forward) changed, but access doesn't change.
What's overtly wrong with what Facebook is doing shows up in practice in the news every time someone becomes an unexpected celebrity. The person promptly and maybe even preemptively changes their privacy settings, but their images remain available.
I don't understand what you're trying to say. It sounds like you're saying, "sure, there's a totally obvious and simple way that people on Facebook can take and republish your pictures that Facebook can't do anything about, but did you also know that there's also this really convoluted way they could also do that, and Facebook could fix that?"
If you publish images to the public on Facebook, all bets are simply off. It is a bad idea for Facebook to give people the mistaken idea that any settings change on Facebook could ever take back anything posted to "Everyone" on the site.
Not talking about "Everyone". Talking about, for example, your best friend. Then you turn out to be a Russian spy named Anna. Suddenly your friend, who didn't care to download your photos before, now does want to download them.
More to the point, talking about changing privacy settings, and having the change work, where work is not defined as "defeat tptacek" but "defeat casual users".
The logical conclusion to "It is a bad idea for Facebook to give people the mistaken idea that any settings change on Facebook could ever take back anything" is for Facebook to remove any ability to set privacy more restrictive, ever. I doubt that would be popular.
While "you can't take it back" may be technically correct, most photos aren't being downloaded to repost, merely viewed inline online. There's no reason a user changing privacy to be more restrictive shouldn't expect that change to apply going forward.