OK so its really neat to have the facebook thing and all but I was wondering if there was a risk of some type of injection? I mean I know it only imports your information from FB. BUT what if a attacker was to make a dummy FB profile and possibly have some code added to their profile. Would it be possible for it to be injected into IPB 3.0??

Maybe its possible maybe its not, was just wondering?

We import a name, a proxied email, the profile image, and the status. I think that's about it (maybe some other small details like birthday, can't remember). Facebook already cleans this, so there should be no injection possible.