I'm pretty happy the way that Facebook is signaling the security of iOS by complaining that they have no other way to break into phones except by social engineering people to install root certificates.
Sorry to disappoint, but I think this is just one of many ways. example - as an iOS dev u want to advertise on fb. for that to be effective u want to track conversions. easiest way to do that, esp. for a small dev - add the facebook sdk to the app. and you're done - facebook can potentially hoover a lot of data from an app that has no obvious relation to it.
This episode is a win-win.