Yesterday Facebook admitted that for years they have been storing user passwords in an unencrypted file that was accessible to their staff. There’s no documentation that the file was accessed externally (e.g. hacking) but there’s nothing to prove that it was secure either.
If you use your Facebook password on any other sites else, I recommend that you change the passwords for those sites to something new immediately. It’s not best practice but I know that lots of people use repeat passwords. Going forward I would recommend giving Facebook a unique password that is not shared with any other sites (again – best practice is to never use repeat password).
If any of your less tech savvy friends or family use one password for everything online, I’d highly recommend that you help them change this password. Especially if they share their Facebook password with a critical account such as their email or bank.