In this case, the user clicked okay on a dialog that said something like "Share my friend list with this application." It would be sane at that point to expect that the application has access to your friend list. The application typically doesn't want to do a "computation", per se, they want to do something like show you your friends that are already using the application, so that you can share things with them and so on.

There are many, many services that share data in this way. iOS and Android share your contact list in a similar way, for example. And those services have the same exact problem, that sometimes third parties leak data. There is no other, better-implemented way for a platform to share data.

In the end, this is a "scandal" because Facebook is getting bad press already for other issues, and people do not really understand the nature of data platforms so they cannot distinguish big problems from small ones.