If an application can see some data that wasn't shared with me, then I agree that's a pretty big problem. That an application I give access to see my data can see, well, my data, isn't a problem in my view.

http://imgur.com/dzMVN

What about this scenario:

(1) You share your birthday with a friend Bob.

(2) Your friend Bob installs a facebook game from the Sleazo Company.

(3) Sleazo Company now knows your birthday.

That's how I understand it works. Your friends can share your information with third-party facebook applications. Please correct me if I am wrong.

Once your information is in Bobs hands, what he does with it is out of your control. Even if we consider a network that doesn't allow apps, what if Bob downloads SleazoCo Birthday Reminder (comes build-in with your Bonzi Buddy) that scrapes your birthday from the site? At least Facebooks terms forbids app-producers to save anything about users for more than absolutely needed, and SleazoCo can theoretically be banned from making FB apps if caught in violation of this.

Unless we're willing to consider DRM for social networks, this won't change with Diaspora or any other kind of software that puts your birthday on Bobs computer in any kind of standardized format.