about 2 years ago I interviewed @ Facebook for an info-sec job, I passed and everyone was telling me how stupid i was, their approach to security was so lassefaire it was laughable, their feeling was security is up to the users, which is why we spent so much time on the privacy controls. when asked standard have you defined your assets, they said what assets? I now tell people to delete their accounts which isn't easy.
-louie