No matter how you see it, it is a leak because if some programs starts collecting information in a way that is not feasable for humans and than let it be used by datamining programs and marketeers than that is very serious. In fact Facebook and others have assumed that the privacy was also protected by the massive amount of users (and data) they collect. They never thought that a program would collect it all this way and that humans would never be able to do this themselvers. The security researcher did nothing illegal and Facebook did nothing illegal, it is just that neither did anything good. Facebook should have opted from the beginning for a opt-out privacyrule (everything is private except if you decide otherwise) and not a opt-in (in which for each bit of information you have to set a number of rules to protect the privacy). The securityresearcher should have shown the information as a proof of concept and as a tool to get Facebook to get its act together about Privacy (it is becoming its sword of Damocles).
By publishing it on the internet he has made it too easy for corporations and organisations (or for individuals in those organisations and eventually without the approval of them) to download the dataset. Some can use solely for research but there may also be some opportunities for marketeers.
Facebook will have to take some actions to protect its members from this kind of expecting spam and will have to monitor more closely the use of its network. Just as other networks (like Google and Scribd) are closing bots or people who are seemingly searching too much information to quickly, Facebook should block this kind of massive informationcollecting.
Some of the firms and organisation that have now your public facebook information are
AT&T - Possible Macrovision
Baker & McKenzie
Church of Scientology
Davis Polk & Wardwell
Ernst & Young
HBO & Company
Levi Strauss & Co.
Matsushita Electric Industrial Co
O'Melveny & Myers
Procter and Gamble
Road Runner RRWE
Time Warner Telecom
Turner Broadcasting system
A lof of others will have used individual accounts or proxies to download the file and stay anonymous.
Expect a lot of garbage, marketing and attacks on your Facebook account in the coming months if you had a public profile.