I find it very suspect that you are asking for my facebook login information on the client app when I have registered online with facebook. When I login via the app, I should be taken to a facebook hosted login and redirected back, not input my facebook login info directly into your app.
First and foremost, keep in mind Facebook is not the only option for logging in. Second, I tend to agree with you that the way the login is set up now, is not optimal. The reason why it’s like this is simply because Facebook doesn’t have a proper login service for this type of application, but they are working on it. Once they release this service, the client will jump on it (which means you won’t have to give the client a password, as your redirected to the browser).
We’ve had a frame inside the client which redirected to the actual facebook web login page, once. However, after Facebook changing stuff on us two times (which broke the login on the client) - I decided to do it the way it is now.
The client only uses the login details to directly post to Facebook and only stores the email (as that is the same email you’re registered with us), nothing more. If you don’t trust it, simply don’t use it.