"...an API "bug" that allowed unauthorized persons to post not only on his page but those of an undisclosed number of other users." [read: a lot of other users]
That sentence was written by the author of the article: it doesn't appear to be based on what people actually said. The quote from Facebook is "A bug enabled status postings by unauthorized people on a handful of public pages. The bug has been fixed."
Of course, we have to keep in mind that Facebook has an incentive to downplay the severity and the author has an incentive to hype the severity; the truth is probably somewhere in the middle. There's no reason to believe that there was mass-abuse of this issue unless someone has evidence to the contrary. At the same time, Zuckerberg's wasn't the only high profile page to have a strange status posted on it recently.
There is no evidence of mass abuse, but that doesn't mean there wasn't the potential for it. If a security hole affected one fan page, it seems likely that it affected every fan page.
Of course, we have to keep in mind that Facebook has an incentive to downplay the severity and the author has an incentive to hype the severity; the truth is probably somewhere in the middle. There's no reason to believe that there was mass-abuse of this issue unless someone has evidence to the contrary. At the same time, Zuckerberg's wasn't the only high profile page to have a strange status posted on it recently.