Wednesday, August 01, 2007

Facebook Cache Phreakiness

Robert Scoble, Facebook obsessive that he is, blogs about Facebook's recent problem with cache headers.

In a nutshell, and in Facebook's own words:

"This was not the result of a security breach. Specifically, the bug caused some third party proxy servers to cache otherwise inaccessible content. The result was that an isolated group of users could see some pages that were not intended for them."
Perhaps not a security breach, but IMHO a worrying lapse in security and a wake-up call for Facebook QA.
I saw other people's message inbox, including their messages' subjects and the short snippet. Not their whole messages, but it was bad enough.
What's worse is that, because it was a proxy cache issue, I saw cached content for other people who used the same proxy, more normally referred to in the human world as my colleagues, and not just for some random Facebook strangers.
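
Facebook's statement does not say which headers were at fault. As an added example (not code from this post or from Facebook), the check below applies a simplified form of the HTTP caching storage rules (RFC 9111, section 3) to show why a cookie-authenticated page can be kept by a shared proxy unless the response is marked `private` or `no-store`. The function names and header samples are constructed for illustration.

```python
# Added example: simplified shared-cache storage rules after RFC 9111, section 3.
# All header values below are constructed samples, not Facebook's real responses.

def parse_cache_control(value):
    """Parse a Cache-Control value into {directive: argument or None}.
    Simplification: does not handle commas inside quoted arguments."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def shared_cache_may_store(request_headers, response_headers):
    """Return (may_store, reason) for a 200 response to a GET at a shared proxy."""
    req = {k.lower() for k in request_headers}
    resp = {k.lower(): v for k, v in response_headers.items()}
    cc = parse_cache_control(resp.get("cache-control", ""))
    if "no-store" in cc:
        return False, "no-store"
    # Only the unqualified form protects the whole response; private="field"
    # merely tells a shared cache to drop the listed header fields.
    if "private" in cc and cc["private"] is None:
        return False, "private"
    if "authorization" in req and not cc.keys() & {"public", "s-maxage", "must-revalidate"}:
        return False, "Authorization request without explicit opt-in"
    # A Cookie request header is not part of the storage rules: a session
    # cookie alone does not stop a shared cache from keeping the page.
    if cc.keys() & {"public", "s-maxage", "max-age"} or "expires" in resp:
        return True, "explicitly cacheable"
    return True, "unmarked 200: heuristically cacheable"

if __name__ == "__main__":
    session = {"Cookie": "session=constructed-value"}
    samples = {
        "inbox page, no cache headers": {"Content-Type": "text/html"},
        "inbox page, max-age only": {"Cache-Control": "max-age=60"},
        "inbox page, hardened": {"Cache-Control": "private, no-store"},
    }
    for label, headers in samples.items():
        print(label, "->", shared_cache_may_store(session, headers))
```

Running the same check against every authenticated route in a test suite catches a regression in cache headers before a proxy between the site and its users does.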


