Although users will still have to allow applications to access their address and phone numbers, AllFacebook reports that many users may not notice the new change. Nor does Facebook protect its users from malicious or spamming developers who may decide to load up malware and spamware on the site simply to gain information. From AllFacebook:
Unfortunately, the developers plying the user graph objects include rogue applications, such as spamware, malware and deceptive schemes that security staff seems to have a hard time keeping up with. This category of n’er-do-wells can now gain access to people’s mobile phone numbers and street addresses. So we really hope the social network devises a way to bar the rogues from using this set of code, and if that’s not possible, then perhaps get rid of the entire thing before any damage could be done.
While that would be a great solution, it's an unlikely one. That Facebook has decided to give developers this information already shows a great lack of care for its users' privacy. Still others are more piqued by Facebook's seeming underhandedness. From InsideFacebook:
One troubling fact is how Facebook announced this major change. Instead of in a dedicated post with mention of the potential risks, it was merely part of a weekly dispatch about bug fixes and migration deadline extensions — with no commentary on its impact. It was published on Friday evening of a three-day weekend, at 8:16pm PST, diffusing immediate feedback, and later the post’s time stamp was changed to 6:00pm. If people are going to trust that the site has their well-being in mind, Facebook needs to concentrate on mitigating risks for users, not minimizing backlash to itself.
That's pretty weaselly, made even more so because Facebook declined to make a public announcement to the users it was planning to exploit.
If users want to protect their privacy, they must use less personal information (such as taking down or erasing phone numbers, addresses or e-mail addresses.) Facebook has shown it has no compunction in allowing others access to user personal data, so it's plainly up to users to prevent the spread of their information.