It's not about Facebook or Youtube or any site, it's about in which network you log in. Believe me, big companies such as Facebook or Google have huge security methods that are very hard to break.
When you want to use private information online, such as logging into FB you have to use a private network or else it is not private anymore. If you go to a public place and use their Wifi, you are using a public network, which means that anyone who connects to the same network can easily get access to all the packages transported during your connection and see everything you do with easy tools such as that Firefox extension that guy mentions.
You can blame FB for giving access to certain information to 3rd parties such as the US Government or simply to advertising agencies, but if you read the contract when you first register to FB it's all in there, and everyone who has a FB account has accepted those conditions.
You can't blame Facebook for security mistakes you do yourself, though