Comment by pseudosavant

This simultaneously seems like: 1) such an obvious attack vector that it is extreme negligence to not have had planned for appropriate security protections against this, and 2) the most obvious outcome for Meta to be this security lax and stupid. If it doesn't hurt their ad sales, it doesn't matter to Meta.