Just to make it easy for you, I'll paste it here:
You think that's bad? It gets even worse. How about the ENTIRE server-side code for one of the top Facebook apps? Yes, SERVER-SIDE, entire PHP code, database schema and everything else. You don't have to be a hacker to get to it - those guys left a few holes open and OpenSocial exposed them all.
Don't believe me? You can get it yourself if you like complete with all passwords and security keys, but here is an excerpt of their PHP code:
And now, have fun using and developing OpenSocial applications.