Here's a privacy concern that Facebook isn't considering a flaw.
The flaw lets savvy hackers cull your friends list by viewing "mutual friends."
Why do hackers want to see your mutual friends? Once they get hold of your friends list, they can mine it for personal data or target the people on it with malware, and the rest is history.
The first one will be user #4 on Facebook (Mark Zuckerberg), who has friend list privacy on; the second will be user #5 on Facebook (Chris Hughes), who has a public friend list. Let's compare by using the URL: https://www.facebook.com/zuck/friends?and=ChrisHughes. We can detect 61 mutual friends between the two profiles. That means that Mark has those 61 friends as well.
"... if you're friends with Chris, and Mark is friends with Chris, then Chris will be shown as a mutual friend when you're viewing Mark's Timeline". We can add: "But what if Mark wants his friends list to remain private?"