Awwwww, come on!
"...Keith discovered a simple way to bypass the security token: by omitting it altogether, Facebook servers no longer attempted to validate browsers."
Don't they have any kind of internal teams who think up ways of defeating security? They ought to.