It doesn't have to be that way; it's very easy to lock down your facebook settings to friends-only. I think it's quite ridiculous that that's not the default. This pessimistic assumption you mention where anyone can see everything might be the safest, but it's just not how humans work. When you're surrounded by a bunch of friends (or their status messages), you don't assume the rest of the world is overhearing you as well.
As other readers have mentioned, your data is still owned by Facebook and subject to malicious intruders and the like. I just wanted to add that without any malicious intent, Facebook could intentionally or accidentally change your settings so certain information you had set to private is now public, without your consent and without any warning. Remember when Google exposed everyone's contacts through Google Buzz[1]? It's easy for someone to underestimate the difference between what you consider private data compared to what they do.
You are right about that option. But I find it prudent to always reduce the chance of a type 2 error and increase the chance of a type 1 error (http://news.ycombinator.com/item?id=4081972). It is best to assume the worst and trust nothing whilst acting probabilistically than to assume perfection/trust and act deterministically.
Hence, in this case, if you assume everything is public, you reduce the harm that can come to you when the trust you have in a service fails you (as it may well do). Just like an investor - take on risk, minimise uncertainty and price catastrophe correctly. This gives you the best of both worlds - risk priced in proportion to reward. You can have your cake and eat it too - if you only take a slice and no more.
As a completely off-topic side note: Since I was introduced to statistics, I always forgot which error was type 1 and which was type 2. I had to read your link to find out.
In code, "int errorType = 1;" would be a badly chosen variable :)
The expressions "false positive" and "false negative" reveal more semantics than "type 1" and "type 2", and are therefore much easier to remember.
You are correct, my apologies for explaining with improper terms - that's the curse of knowledge I suppose.
I quickly forget that the "map" in my brain is about 10 times more detailed than the vector representation I detail in my answer - and it often lacks ideas that may be critical to understanding.
I will use false positive/negative terminology from now on - apologies for the dense language and propagating difficult to comprehend terms - I'll try to stop doing that :D.
While I do agree that false positive and false negative are better names, they do have one shortcoming in comparison:
Classical statistics suffers from the inference problem, where instead of "tested positive for presence" you have to say "tested negative for absence". So a type I error is a false negative as much as it is false positive, which can get confusing.
I believe that when people say that everything on the internet is in the public domain they imply that even private data is subject to hackers and such. And if someone got root of Zuckerbergs cellar server (or, wait, somethig) they would be able to do what they wished with our data.
