Privacy via lawsuit (vs security)

Interesting story about collecting data from Facebook.  I wonder if he would have had the same trouble if he had written the utility as a Facebook app, since apps are able to access all data from any user that runs them.  Maybe he could talk to the Farmville people, and collect everthing on pretty much every Facebook user.

All kinds of intriguing questions arise:

Has Facebook threatened to sue Google?  If they did, who has the bigger legal budget?

With all the embarrassing leaks, why doesn’t Facebook simply do some decent security, and set proper permissions?  (Oh, sorry.  I guess that’s a pretty stupid question.)

Does the legal concept of “community standards” apply to assumed technical standards such as robots.txt?  If nobody tests it in court, does any large corporation with a large legal budget get to rewrite the RFCs?

If you don’t get noticed, is it OK?  Does this mean that the blackhats, who try hard to stay undetected, are legally OK, and it’s only people who are working for the common good who are in trouble?