Unless we assume that these people are completely ignorant of the public nature of their status updates, then this isn't a privacy violation.
But that's exactly the point. Normal's don't get it.
Behavioral Economics studies show that when something is made a default, about 90-95% of people will keep that default. So, when something is made "Opt out" by default vs "Opt in", the vast majority of people won't bother to change things.
So, when Facebook changes this behavior, you can assume that going forward 90-95% of their content is going to go public.
Most normals that use Facebook aren't going to care until it starts biting them in the ass. While, many geeks instinctively understand the huge implications of everyone's status updates being made public.
Granted, you may not care, and I certainly respect that. But, at the same time, I have a hunch that many Normals, if they truly understood the full ramifications of what may happen might substantially change their behavior, or choose not to use Facebook at all.
Another issue, is this: Does making users Facebook posts public by default benefit the users? I think it benefits Facebook tremendously, but I'm doubtful how many users it's going to benefit to have their "rectal surgery" posts made public.
The opt-in/opt-out example I've seen the most is 401k contributions. If people have to opt-out of automatically putting part of their paycheck into their 401k, more people make contributions. The idea isn't that people are being tricked into it, although some people probably didn't read carefully enough and don't notice the part of their paycheck missing. The idea is that people are less likely to change from defaults in general. Most people know they should save, so actively saying "No, I don't want to save" by checking an opt-out box feels worse then leaving an opt-in box blank.
I don't think most people are mistakenly sharing things with more people than they intended on Facebook. When they made the privacy changes and presented everyone with the dialog that let you set all of your privacy settings, 35% of users picked something other than the defaults. It was pretty clear what was going on. For a refresher, here's a video that walks through what the transition actually looked like: http://www.allfacebook.com/2009/12/how-to-use-facebooks-new-...
The only thing Facebook handled poorly in terms of privacy was Instant Personalization. It was... instant. Yelp/Pandora/Docs have my Facebook data linked with my account from the moment I visit the site, which may not be what I want. (I actually like it on Pandora and Yelp. I don't use Docs.) To make matters worse, it's annoyingly difficult to opt out of Instant Personalization altogether. I think this is what offended people the most, then the firestorm made people bring up peripheral non-issues that piled on and made the PR disaster worse. Beacon redux.