Comment by teilo

It is absolutely an MITM attack, if for no other reason that your email has no presumption of privacy once it is in the hands of Facebook. Read the TOS. They can do whatever they like with the data that passes through your account.

They are counting on your not noticing that they changed your publicly displayed email address, so that instead of a message going straight to you and bypassing facebook.com, it now goes to facebook.com. You still get the message. So do they.