Facebook and isecpartners have teamed up to write an article on developing secure applications on the Facebook platform.
"This document provides a basic outline/best practice for developing
secure applications on the Facebook platform. Facebook applications are
web, desktop, or mobile applications that make use of the Facebook API
to integrate tightly with the social network experience.
This document is designed for the Facebook developer, but it can
also be used as a reference for non-technical readers. Depending on the
reader’s level of technical understanding of security vulnerability
classes and the Facebook platform, sections of the document may be
skimmed or skipped."
