My only concern is my account security (not money).
I found this issue with almost no technical knowledge, so the crazy thing is:
How many back doors should be over there ready to be exploited by spammers?
BTW, a big "report security issue" button on https://www.facebook.com/help/ would certainly help next time.
I don't think it's a good idea to link it from the general support section -- you don't want the security team that is hopefully carefully monitoring this stuff to have to wade through thousands of regular customer service complaints.
I agree that you don't want reporting a security issue to supersede the general case of problems, but as things stand it is hard to figure out how to report a real security issue if you don't know about that magic whitehat url.
Googling "facebook security" brings
#1 result: https://www.facebook.com/security
no information on reporting problems there
#2 result: https://www.facebook.com/help/security
this one has a Report Something link... but that doesn't give you options for reporting a security issue, just TOS violations or copyright infringement.
#3 result: https://www.facebook.com/security/app_10442206389
This looks better than the other two, but there is still nothing here about how to report a security issue.
Knowing what to look for, there's a hidden "Take Action >> White Hats" link that will eventually take you to the correct page: https://www.facebook.com/security/app_6009294086
So click that link... and presented with a huge page of names and still no obvious call to action: https://www.facebook.com/whitehat
Oh, it's the Report Vulnerability link in that sidebar that we're been conditioned to ignore in the normal Facebook UI.
Just to recap, in order to find how to submit a security bug report, it took me 15 minutes and I still only found it because I knew the term to look for was "white hat" and not "security".
Perhaps you're right. But "Facebook report a vulnerability" works just fine and that's what I would have tried if I were trying to report a vulnerability.
It looks like the magic search term that brings you right to the report page is: "Facebook vulnerability"