The interesting part of that article for me was at the very end:
"Facebook's HTTPS workaround was rather crude; if users clicked a link to a Facebook app, the site would ask them if they wanted to switch to a standard HTTP connection as the content they wanted to display could not be displayed using HTTPS. Once users clicked continue, the site completely disabled the HTTPS option under account settings in the background without indicating to users that it would do so."