No, they may render in iframes; iframes are certainly not a requirement for any of those features, and some (the original commenter included, I suspect) might consider them a heavy-handed approach to the problem.
iframes are the only unit of isolation on the web. Unless you want the like button you're hosting to have complete unrestricted access to your application's private data, then yeah, the like button needs to be in an iframe.
The Facebook like button tells you when you've already liked a page. It can also show you how many likes a page has, which a simple link cannot do.
The like button is just one of many of Facebook's components which can be embedded into pages; another being the comment box which shows your name and display picture but cannot allow the hosting page to get at that information unauthorized.
Well there are ways of presenting a personalised link, and a link containing a total number, without resorting to iframes, or even client-side code. I'm not seriously suggesting they be used, merely pointing out that the multiple-iframes functionality is not a default requirement of every page on the web, as the article suggests. Some studies have shown that articles with facebook like buttons receive fewer likes than those without.
FWIW, on a site I work for, we use a plain facebook like link without any personalisation because that's all we require, and we recognise that it respects our visitors' privacy more than the full-on iframe variant.
