Here's a blurb from an article in today's Washington Post by Kim Hart, entitled "A Flashy Facebook Page, at a Cost to Privacy":
". . . it is often difficult to tell when developers are breaking the rules by, for example, storing members' data for more than 24 hours, said Adrienne Felt, who recently studied Facebook security at the University of Virginia.
She examined 150 of the most popular Facebook applications to find out how much data could be gathered. Her research, which was presented at a privacy conference last month, found that about 90 percent of the applications have unnecessary access to private data."
Read the article at Washington Post.com.