It depends who needs to trust who.
If only the server is authenticated, then the client knows it it talking to the right person and both ends know that the channel is secure, assuming the client is verifying the certificate correctly.
In the Facebook case this is enough because the client will then authenticate using its username and password over the secure channel so that the server knows who it's talking to.
The bigger problem on the web is that many sites only use https for the login process so anyone able to interfere with the preceding unencrypted conversation would be able to present a fake login screen which did not use https or directed the credentials somewhere else entirely.
Assuming that the whole public key infrastructure is working correctly, SSL does prevent MITM attacks when only one end is authenticated. Assuming no-one has been able to obtain a forged certificate for the server and the server's private key has not been compromised, the client is able to be sure that it's speaking directly to the server. The server knows nothing about the client but generally this isn't a problem because once the client is sure that it has a secure connection to the server, it can authenticate itself to the server securely using another method such as a password.