Allowing users to import contact lists from other services is a useful feature. But the means have to justify the ends. Empowering the user to import data through an authentication layer like OAuth is the correct way to export data. On the other hand, asking users to input their email address and password from a third-party site like GMail or Yahoo Mail (As Facebook does, for example.-TEH) is completely unacceptable. Here’s why:
It teaches people how to be phished.
This issue was raised by Tantek at Fundamentos Web. Rigo Wenning—privacy activity lead at the W3C—was quick to back Tantek’s position. While we can’t protect people from themselves, we have a duty not to deceive them into thinking that throwing passwords around like confetti is acceptable behaviour.
I would suggest that schools and teachers should take an attitude about Web 2.0 applications reminiscent of Postel's Law, which states:
Be conservative in what you do; be liberal in what you accept from others.
Except in this case it would be:
Be liberal in what services you allow, be conservative in what your endorse or require.
A case like this is not in itself a good reason to forbid Facebook in a K-12 school, but it is a good reason not to require it. We don't need to teach kids how to socialize online, they're pretty good at figuring that out, but we do need to teach them how to maintain their security and privacy online.
Kids are, with justification, going to see a requirement to use an online service as an endorsement of its practices, and it is the nature of web services that users cannot control what practices a service may adopt in the future. Therefore, schools may inadvertantly teach bad practices if they require the use of services they do not control.