Simple Solution
The facebook IDs of users should be generated uniquely for each connect application.
This will mean they are useful to only single developer. Even if they are sold or leaked, they can't be used by another developer to identify users.