For facebook security team, is acceptable security risk that any idiot can hack any database developed with Parse.com SDK.
You have to be a idiot, if is "acceptable security risk", that any attacker can list, update and delete any data on their systems.
The behavior you're describing is not a security/privacy risk ??? WTF ??? what think facebook is an risk ???
Well, The Center for Advanced Security Research Darmstadt (CASED), confirms my discover Security Flaw, check the article published on the Security Scorecard Blog: The Calm Before the Mobile API Data Breach Storm
Dissamble Part 1/2:
ProofOfConcept Part 2/2: