For what it's worth, I've got mine tied down fairly tight.
I'm under no illusions that there is much actual privacy, though. All it needs is for a friend to "tag" you in a photo, and, if their settings are a bit loose, anyone on the net (pretty much) can see that photo, and any message exchanges to do with it.
If they bother to go looking, that is.
Something I consider important is to not use the countless applications that seem to be made available.
I don't know how to make an app...never done it, but obviously a lot of users do.
Plenty of them appear to have a "viral" nature. Once you click "allow" you are letting an app, usually by someone you've never heard of, harvest your (fb) email list and your personal data. The link then posts itself to everyone on your friends list.
Plenty of apps appear quite benign. Quizzes, etc. They are not really entertaining enough for me to want to allow them, having done so previously. A few months ago I looked through all my permissions, and was a bit shocked at just how many apps I'd allowed. I went through every one of them and withdrew the permissions, and haven't clicked on one since.
That seems to work for me. It's up to you what you tie down. There are plenty of tutorials about it. Even FB has one.