/whitehat is not a "complaint letter". It goes directly to the security team oncall, whose job is to keep users safe even if it means killing things written by other engineers at Facebook that had unintended consequences.
A company doesn't have a single conscience. It may have been a conscious choice by an engineer, or it may have been an unintended consequence of some other code change. Either way, I highly doubt it involved the check-off from a director-level employee.
If every decision had to get approval from the management team, then progress would grind to a halt, and Facebook would end up like Microsoft.
And because of that we should hold it with less responsibility than a single person? Even though it holds an order of magnitude more power than a single person?
Yeah, how about, no.
And about your other remark, that is nonsense. It is very possible to keep those checks to a reasonable level of responsibility and many corporations do so, with proper software engineering principles, without "turning into Microsoft".
When dealing with people's private information, one should err on the side of caution, not on the side of $$$, and it is obvious which route facebook took.
In fact, they are already in violation of several EU privacy laws, just because their privacy-pissing database has grown out of hand, they collect more data than they have the internal corporate infrastructure for to deal with this amount of private data of EU citizens in a legal manner in Europe. They went way overboard, maybe not in the US, but they are also incorporated in the EU and cannot oblige by our privacy laws because they collected too much data.
As far as I'm concerned, Facebook is on the verge of criminal negligence as EU laws for citizen privacy are concerned. So personally, yeah, I think nothing wrong with headlines of "Facebook privacy fuckup", as long as they're behaving like that, singular conscience or not.
That's why we have such laws, to keep corporations responsible.
(edit: removed snark)