I think they do a pretty good job with this: they force the app to specify which things it wants to do, and they explain them pretty well. I would like it if I could tell facebook "automatically accept on my behalf as long as it's not going to post or publish as me," because while I don't care about privacy I don't like apps putting spam in people's newsfeeds.

There's a lot of information that your friends have access to that the general public does not. An app approved by one of your friends can access that information. This is how my comment widget works: it runs as me, and so can see your comments. The only way to keep friends' apps from seeing your stuff is to opt out of the facebook platform. When I pull all comments on a post, I don't see comments made by users who have done this. They show up when I'm on facebook, but not through the api. This does disable facebook chat, though, so its kind of annoying.

This came up because someone was worried that my comment widget would help people connect their facebook account to their offline persona. I ended up adding their userid to an internal blocklist because they didn't want to turn off chat. If you'd like me to exclude your comments from my comments page, I could add you to the blocklist too.