[xd]

Exploiting bugs to impact real users is not acceptable behavior for a white hat

It's pretty arrogant of Facebook to redefine the meaning of white hat don't you think? Posting to the Facebook founders page to let them know of a security vulnerability is not malicious, plain and simply, not. Trying to steer the embarrassment of your failings because this guy didn't read your TOS is incredibly hypocritical.

[webvictim]

Using a bug to post to said founder's page against his will is definitely not white hat behaviour. Period.

[xd]

And you base that on what? Sending someone a message to give them a heads up on their security, no matter the medium used, is not malicious behavior, if you feel it is .. well, the world must be a very scary place for you.