"Responsible disclosure" is like the expression "digital rights": something that makes the opposite meaning so ridiculous that you sound like a looney if you dare disagree with it. ("Why would anyone want irresponsible disclosure? Why would anyone not want rights?")

In this case, the original blogger did not follow "responsible disclosure" practices (which means "don't tell anyone about this, we want our PR team to spin the news first") but what he did was not irresponsible. He told the users whose data has been compromised that they should be careful with Facebook until the investigation is complete and details are disclosed. Now the user has the ability to make a rational and data-driven decision rather than hope Facebook will make the right one for them.

I'm not saying one way is right or wrong, but coverups rarely cover up good news.

I don't see how a warning in this instance is helpful. Knowing that the data was likely scraped somehow from Facebook, what is the rational and data-driven approach to take? Unless there is a specific set of actions known to mitigate the risk of additional information leakage, saying "be careful with Facebook" sounds nice but doesn't help anyone. So why not let Facebook's security team do their due diligence first and then fully disclose the information later?