Would be really interesting if one of those non-OAuth email providers scoured their logs to find the Facebook "logins" and see what, if any, requests FB made against the server after successful authentication.