Email = relatively confidential?
Err, if it's sent encrypted (perhaps using PGP), then maybe. If not, then it's just plaintext, which could easily be intercepted by any computer along the network path between your mail server and the recipient's mail server...
It's been standard advice for years not to send confidential information via email unless encrypted (e.g. passwords, credit card numbers, bank account details)...
As for FB, even if it did restrict what individual users could view via the interface, it would probably be very difficult (if not impossible) to persuade application / game developers to stop using the API to gather far more data than the application / game actually needs, regardless of their ToS. Only last week there was a story revealing that many games do this, including the dozen or so released by Zynga (FarmVille, Mafia Wars et. al.)...
There's certainly a case for restricting the majority of information, but when push comes to shove, FB is a social network. In order to have the ability to add new friends, and (genuine) friends to find you, a certain amount of information (e.g. name, age, gender, hometown) needs to be visible. But they need to make it a lot easier to specify what information is visible (a) to the world at large, (b) to potential friends (i.e. those who've initiated contact with you), and (c) what's visible to your various friend lists (which also need to be easier to manage - having to click padlock, custom, specific friends, and typing in the name of the friend list is hardly an intuitive way to control who can see your postings!)