This. It's very well done and all, but what is the point? That if you explicitly allow access to one specific application, that application will have access? Or is the creepy guy supposed to be the app developer?
A better idea (maybe not possible, I dunno) might have been to have different things happen based on your privacy settings. That would actually call people's attention to something they should care about, instead of just fear-mongering to everyone regardless.
If you care about your privacy settings and lock them down. you are (probably) not the target audience. And part of a minority anyway.
Speaking of which, how many of your FB friends would grant ~impersonation~ rights to an app without lots of thoughts? And - could that app then, using your _friend_ as proxy, play this particular game of fear with you?