“Just because you’ve set your Facebook profile to ‘Friends only’ access doesn’t mean someone who is not your friend can’t see it. One of the most confusing aspects of Facebook’s privacy settings is an area where you specify what information your friends can share about you through applications and web sites, even parts of your profile you made private.”
What is scary about this is that these settings control how much of your private Facebook information your friends can share, seemingly independently of your privacy settings. For example, one of the options is to share your status updates. My status updates are restricted to “Friends” but enabling the “Status updates” share option in these friend share settings would give those friends the ability to re-publish my status updates to their friends and whoever else can access those updates through my friends’ profiles.
These settings potentially make a mockery of your privacy settings by creating a workaround that enables people who do have access to your private information to grant access to people who don’t. It is essential that you take a look at these specific settings and change them to match your preferences for direct access to your profile if you are particular about who gets to see your Facebook information.
While you are at it, why not audit all your Facebook privacy settings?