My understanding of that was that the individual in question (was there more than one person?) clicked through confirmation screens without looking at them, assuming that everything would be okay. It is not Google's fault when users are idiots.
However, I may be wrong; I only recall one instance of this happening with Buzz, and may simply have missed other ones.
Other times when google violated privacy which I remember: 1) Accidentally logging packets, which they then told people about and found a good way to delete, instead of just pretending it didn't happen. 2) Releasing emails (and other information?) to governments when required to do so by law, which I consider a valid excuse.
The problem, at least right at launch, was not that users were idiots, it was that the confirmation screens that they did read were misleading. The confirmation screen said words whose obvious interpretation was "click here not to use Buzz," but the real meaning was "click here not to further configure Buzz." Users, even non-idiot ones, would be quite reasonable to assume that clicking that button would either deactivate Buzz or never have it become active in the first place, when in fact that button left Buzz running in its default state of sharing personal information with a bunch of people. Actual deactivation was hidden behind a bunch of config menus.
Google is not evil by nature (though i have my own doubts) and Facebook is also not evil by nature. Facebook simply has a different philosophy on _sharing_. They believe that people should share everything and be more social. If this is not something people are not comfortable with, then those people have no business in signing up for facebook and complaining that everything is shared by default.
As far as Google's privacy 'glitches' are concerned, in my experience bugs make it into production accidentally. But pieces of code that are developed specifically to sample wifi packets that might contain sensitive data or code that exposes all my email contacts to the entire world do not make into production accidentally.
Both are semi-evil towards end-users by virtue of these end-users being the product, rather than the customers they imagine themselves to be.
Google tries to reach the unevil side, by giving you as full control of your data as they can, and not cross over the creepy line (although they are always near it).
Facebook doesn't, and therefore finds itself on the evil side almost all the time. It's not that they want to be evil that makes them evil; It's just that not avoiding becoming evil makes them that way, and they do not try to avoid it in any way. (Plus, evil is more lucrative).
When you say "intentionally" are you referring to the recent UID leaks? If anything Facebook is doing more to protect user privacy now with their "no exporting your friends email" policies.
[EDIT: Changed "the" to "their," and "rules" to "policy," as this makes my sentence both look better and more accurate.]