I'm not sure how it works now, but the way Facebook dealt with this issue is to present IFrame with confirmation what you're posting on your wall. This of course makes using client side scripting mandatory but it—very efficiently—limits any SPAMing capabilities of a rouge application.
Also, developers could request dropping this limitation but they had to go through Facebook's verification system, part of which was confirming that the app itself presents message before publishing and will only do that on the immediate UI input.
Also, developers could request dropping this limitation but they had to go through Facebook's verification system, part of which was confirming that the app itself presents message before publishing and will only do that on the immediate UI input.