Parent has hit the nail right on the head. I used to work on Facebook games for an indie games company and now I'm in charge of 'doing Facebook' for another company and so cross domain Iframe cookie problems are something I come across a lot. Maintaining user sessions inside iframes isn't straightforward.
Facebook have yet to implement a trick to make ie accept 3rd party cookies and so the widely used work around is use either a genuine or dud p3p header.
Yes, these hacks and workarounds are nasty and yes they're bad for standards - but if browser vendors insist on such privacy controls they need to make it much more user friendly for users to whitelist sites. Most of users we get through Facebook don't know what cookies are - they just want our apps to work. Blocking cookies without even prompting the user is not the way forward.
This isn't advertising, it's reporting the news.
The best way to avoid responsibility is to say, "I've got responsibilities."