You have facebook being this huge target for attacks and you combine that with 10,000 engineers with likely not a lot of security training.
Even a single point of failure could compromise the whole site, what are the chances that no one makes a mistake?
Its like the bigger your company grows while still having a single product, the higher the probability something like this happens...