We're using facebook connect on our site, and I personally use it to connect to many sites. As far as we know, facebook does not provide any passwords of the connected users. If that were the case, there's no point in using it, and it would've completely failed by now! If you're not already logged in to facebook, the button takes you to the facebook login page (outside the site), you login to facebook, grant basic access to the app (which is authenticated by facebook), and then you're taken back to the original site.
The site gets as much info as the user grants, which is usually basic (name, picture, dob, friends list, etc...), and a Facebook ID number -unique to the user- so that the site can use it to get the info mentioned above, NO PASSWORDS.
The real concern is when a site PRETENDS to be facebook and asks you for your username and password to login (called phishing). That's when your account is in danger of being hacked!
We're using facebook connect on our site, and I personally use it to connect to many sites. As far as we know, facebook does not provide any passwords of the connected users. If that were the case, there's no point in using it, and it would've completely failed by now! If you're not already logged in to facebook, the button takes you to the facebook login page (outside the site), you login to facebook, grant basic access to the app (which is authenticated by facebook), and then you're taken back to the original site.
The site gets as much info as the user grants, which is usually basic (name, picture, dob, friends list, etc...), and a Facebook ID number -unique to the user- so that the site can use it to get the info mentioned above, NO PASSWORDS.
The real concern is when a site PRETENDS to be facebook and asks you for your username and password to login (called phishing). That's when your account is in danger of being hacked!