Hmm good points. Also, what if you create an account with Facebook, and then later decide to deactivate your Facebook, what happens to that account you just created?
When I use Facebook Auth in my applications, I create a''User'' account with the clients e-mail address and a nil password. My users can then use "Password Recovery" to get a password for traditional login.
Not much - you can always login by granting FB permissions again, and you'll return to the same account. FB just provides you with a facebook id that you use to lookup the user in the db.
