You're literally hosting your life on it. You should indeed not do this.
What if instead of it being a secret, it was a big button with “upload photo to Facebook” on it?
If Facebook outsourced the implementation of that button for each different type of camera to the respective camera manufacturers, rather than implementing it themselves, would that change it from a non-problem to a problem?
And then fb should tell you about unusual accesses to your account unless the phone vendor is also your Telco and extremely careful.
In OSes you can theoretically attack any app, but it is a pain to even debug them with different versions, changes to their custom storage formats, etc.. Unless they build an ABI, document which parts are stable and give it to you.
Once the manufacturer goes outside the licensed API and uses your credentials to do more than Facebook allows, it commits an actual crime against you in most jurisdictions.
My bet: no criminal cases. Facebook charging less than 50k for violation of an API contract on data that isn't theirs, if numbers are disclosed. No standing for users except in a class action that get $5 or less on a new phone or $2 or less as a check.
With the API, presumably there's an auth token that is only stored on your device. Facebook should also be able to detect unusual access with an auth token. Really, the auth token makes it easier to detect funny business than a username/password.
Apple is a pretty good actor in this regard though, and they're clearly betting a lot on markets to realize the attractiveness of that.
> This is why Right to Repair legislation has become necessary, for example.
I'm not sure I see how a "bad" actor (maybe like Apple) in terms of the Right to Repair is relevant in the context of trusting device manufacturers. If anything I think Apple's (somewhat self-serving albeit not completely detached from reality) argument would be, and has been e.g. https://news.ycombinator.com/item?id=11047359, that their control of device repairs and servicing decreases the risk of malicious software or hardware components being installed.
FWIW I'm partially in the same boat: I like Apple the company and I'm happy for everyone that likes and uses their products but I'm kind of incompatible myself.