Sometime back, I noticed a strange problem with Facebook, I had accidentally entered wrong password in Facebook, and it showed my first and last name with profile picture, along with the password incorrect message. I thought that the fact that it was showing the name had something to do with cookies stored, so I tried other email id's, and it was the same. I wondered over the possibilities, and wrote a POC tool to test it.

This script extracts the First and Last Name (provided by the users when
they sign up for Facebook). Facebook is kind enough to return the name even
if the supplied email/password combination is wrong. Further more,it also
gives out the profile picture (this script does not harvest it, but its easy
to add that too). Facebook users have no control over this, as this works
even when you have set all privacy settings properly. Harvesting this data
is very easy, as it can be easily bypassed by using a bunch of proxies.
Full Disclosure: Facebook name extraction based on email/wrong password + POC