...since it depends on the commons sense of all your friends. What could possibly go wrong?
I permanently deleted my facebook account a few weeks ago: a worm was spreading very fast through facebook and for over a week I could not notify facebook about the issue.
The worm spread via event invitations containing a link to a site that social engineered the people into copying Java script code into their browser so that it would steal their account credentials and propagate further. And facebook does not provide you with any means of contacting anybody at all, let alone from the security team! Instead, you are dependent on those buttons that let you report inappropriate messages or such. Only those event invitations did not have such buttons. I wasted dozens of hours trying to notify them about the scheme but finally gave up and deleted my account.
I for one am outta there. And if you look closely enough, you find a hell of a lot worms and security vulnerabilities in facebook.