
If the URL starts with "http:", the attacker gets to decide which parts (if any) are going to be sent HTTPS.



Sorry, either the autolinker or I screwed up that post. My point was that if people cared about security, they could have been visiting the facebook login page by manually typing HTTPS in the first place.


True.

I don't use FB, but someone on Slashdot was saying it likes to reply with every link going to http anyway. Based on my experience with Twitter and other sites, this sounds very plausible.
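An added example, not part of any comment in this thread: a check a site owner could run over a page served via HTTPS to list the links, form actions and subresources that send the visitor back to plain `http:`, which is the situation the comments above describe. The host names and sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that trigger a navigation, a submission or a subresource load.
URL_ATTRS = {"a": "href", "form": "action", "script": "src",
             "iframe": "src", "link": "href", "img": "src"}

class DowngradeFinder(HTMLParser):
    """Collect references on an HTTPS page that resolve to plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if value is None:          # attribute absent or valueless
            return
        # Resolve relative and scheme-relative URLs against the page URL,
        # the same way a browser would, before checking the scheme.
        target = urljoin(self.page_url, value.strip())
        if urlsplit(target).scheme == "http":
            self.findings.append((tag, attr, target))

def find_downgrades(page_url, html):
    if urlsplit(page_url).scheme != "https":
        raise ValueError("page itself was not fetched over HTTPS")
    finder = DowngradeFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample input (hypothetical host names).
SAMPLE_URL = "https://social.example/login"
SAMPLE_HTML = """
<form action="http://social.example/session" method="post"></form>
<a href="/home">home</a>
<a href="http://social.example/profile">profile</a>
<a href="//cdn.example/help">help</a>
<script src="https://cdn.example/app.js"></script>
"""

if __name__ == "__main__":
    for tag, attr, target in find_downgrades(SAMPLE_URL, SAMPLE_HTML):
        print(f"{tag}[{attr}] -> {target}")
```

Relative and scheme-relative references inherit the page's scheme, so only the two explicit `http://` references in the sample are reported.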



