Here's a privacy concern that Facebook isn't considering a flaw.
The flaw lets savvy hackers cull your friends list by viewing "mutual friends."
Why do hackers want to see your mutual friends? Once they get hold of your friends list, they can mine it for personal data or target your friends with malware, and the rest is history.
The first one will be user #4 on Facebook (Mark Zuckerberg), who has friend list privacy on; the second will be user #5 on Facebook (Chris Hughes), who has a public friend list. Let's compare by using the URL: https://www.facebook.com/zuck/friends?and=ChrisHughes. We can detect 61 mutual friends between the two profiles. That means that Mark has those 61 friends as well.
"... if you're friends with Chris, and Mark is friends with Chris, then Chris will be shown as a mutual friend when you're viewing Mark's Timeline". We can add: "But what if Mark wants his friends list to remain private?"
Here's Facebook's response:
“We do not consider this to be a privacy issue. We include this explanation alongside the friend list visibility setting: ‘Remember: Your friends control who can see their friendships on their own timelines. If people can see your friendship on another timeline, they'll be able to see it in News Feed, search and other places on Facebook. They'll also be able to see mutual friends on your timeline.’”
Facebook doesn't see this flaw as a problem, so it won't be issuing a fix. In the meantime, it might be a good time to clean up your friends list.