Facebook - Isn't this a big vulnerability risk for users? (After Password Change)

Posted by Trufa on Programmers
Published on 2011-02-09T14:41:59Z Indexed on 2011/02/09 15:33 UTC

I would like to know your opinions as programmers / developers.

When I changed my Facebook password yesterday, by mistake I entered the old one and got this:

enter image description here

Am I missing something here, or is this a big potential risk for users?

In my opinion this is a problem BECAUSE it is Facebook and is used by, well, everyone and the latest statistics show that 76.3% of the users are idiots [source:me], that is more than 3/4!!

All kidding aside:

  • Isn't this useful information for an attacker?
  • It reveals private information about the user!
  • It could help the attacker gain access to another site in which the user used the same password
    • Granted, you shouldn't use the same password twice (but remember: 76.3%!!!)
  • Doesn't this simply increase the surface area for attackers?
    • It increases the chances of getting useful information at least.
  • In a site like Facebook, 1st choice for hackers and (bad) people interested in valued personal information, shouldn't anything increasing the chance of a vulnerability be removed?

Am I missing something? Am I being paranoid? Will 76.3% of the accounts be hacked after this post?

Thanks in advance!!

BTW if you want to try it out, a dummy account:

user: [email protected]
(old) password: hunter2

© Programmers or respective owner