Having people name, approximate location and a couple of likes you share it is usually enough to yield a small list of candidates. With the photos is easy to find the actual person.
And that is not something Tinder can fix, since that is a product vulnerability.
Tech-wise, this would imply using a secondary ID to uniquely identify their users. A simple fix, yes, just that it's often a better way to rely on a third-party's ID when you use said third-party's auth system.
Mmm. Good point -- maintaining a separate mapping is harder to implement and can lead to preformance issues. I think I see why they did it the way they did now.
Not really harder or bad performance-wise, like esrauch said you can just hash it or anything to get a custom unique value. It's just that to most devs, the first idea will be "I need a unique ID and FB already gives me one, why roll out something else?".
And that is not something Tinder can fix, since that is a product vulnerability.