A commenter on the post just suggested auditing all the apps/sites with which you've used FB auth. This hadn't occurred to me, and frankly is even more scary IMHO. In theory, anyone who sufficiently compromises one of those apps would be able to access any of the permissions you've given the app.
Sound advice. If you used someone's side project on Hn 3 years ago, and they e.g. didn't patch Rails in January, they're rooted now, so your Facebook account is effectively rooted to the limit of all privileges you've granted. (That assumes you trust the Facebook security model for app permissions.)
