A "secure" website is only as secure as the third-party plugins/widgets/services that it uses
Yesterday, pages on numerous major sites including CNN, Tumblr, NBC News were affected by a Facebook Connect bug that redirected users to a FB error page.
Facebook issued this statement, but chose to keep quiet on exactly what went wrong -
“For a short period of time, there was a bug that redirected people logging in with Facebook from third party sites to Facebook.com. The issue was quickly resolved, and Login with Facebook is now working as usual.”
One quick fix to this problem was to log out of Facebook. One netizen commented - "This is a good solution to many problems, actually."
When you use third-party plugins or widgets or services on your site, you have to prepare for the fact that these can compromise the privacy and security offered by your website.
Related: Sage advice on security