The Null Device
A technical problem causes Facebook to display its PHP source code; someone grabs this source code and posts it online; the code itself doesn't contain anything more revealing than variable names and include paths. Meanwhile, the non-technical press posts vague yet ominous-sounding warnings about how it could help criminals to steal users' identities (conceding that it doesn't actually allow them to do so as such).
Which is not to say that there aren't any risks; as always, one should exercise common sense. Facebook is an entertainment site, and thus engineered to less stringent standards of security than, say, banking sites. Even if the site itself is secure, your "private", "friends-only" information could fall into the hands of third parties in other ways (if, for example, criminals take control of a router between you and the Facebook servers and sniff all the traffic going through it, or if one of your friends (who is able to see your information) has a Windows virus on their PC which captures the pages they see). The same goes for other sites with "friends-only" capabilities, such as LiveJournal, Flickr, or various members-only forums or mailing lists.