I’ve read somewhere that Facebook even embeds tracking pixels in the HTML of the data export, so keep this in mind if you ever actually look at the exported data.
Google produces irrelevant results no matter what I try (searching anything about Facebook tracking pixels brings up tons of marketing-related SEO spam) so I suggest someone with a Facebook account just tries it and reports back. Until then, better safe than sorry, assume the worst (which at this point should be the norm when dealing with the company we're talking about) and proceed accordingly.
Images on public Facebook are indeed marked (a unique ID is embedded in every picture's EXIF data) so I wouldn't be surprised if the exported ones were too (not necessarily for malicious reason even, if the images are being marked at upload time, Facebook may not even have the original unmarked image anymore).