The main reason why facebook and many other websites do this is risk minimalization. What if some spam filter goes wild and deletes half of all profiles?
EDIT: That was just meant to be an example. I believe it's generally a good practice to use a delete flag as the default option (unless there are legal or serious privacy concerns), because it makes you sleep better at night. I don't know if it justified in this case, but I just wanted to point out that they did not do it just out of pure evilness.
It would hardly be a great programming feat to create 3 states: 'good', 'marked as spam, hidden', and 'deleted, remove from the DB at earliest convienence'.
Hell, my mail client has been doing that as long as I can remember.
EDIT: That was just meant to be an example. I believe it's generally a good practice to use a delete flag as the default option (unless there are legal or serious privacy concerns), because it makes you sleep better at night. I don't know if it justified in this case, but I just wanted to point out that they did not do it just out of pure evilness.