[hardnose]

If I was served malware by Facebook, I could definitely contact Facebook for assistance, and even sue them if necessary.

And the point about "URLs I dont know" is exactly my point - the move towards hosting content on websites of dubious operational security is a net negative for internet security. Sites like Facebook may not be perfect, but at least we know who runs them, that they've got skin in the game and incentives to adhere to their stated policies as well as laws and regulations, and where our data is located.