[williamcotton]

I'm going to guess that they're referring to something like:

  HASHED_SALTED_PASSWORD = BCRYPT(PASSWORD, SALT)
  SALT_AND_PEPPERED_PASSWORD = HMAC-SHA256(SECRET_FACEBOOK_HASHING_KEY, HASHED_SALTED_PASSWORD)

BTW, this is not an example of "security through obscurity".