I'm being pedantic, but "roots your Facebook" is a massive misuse of the word root.
I doubt Sony has the ability to do anything it wants with your account (It can't change your password, it can't revoke permissions of another app) so they haven't gained "root access" to your account.
I also doubt that Sony is hacking or getting this access through illicit means. Sony doesn't "root" your account through some sort of exploit, Facebook has most likely given them that access. (As a few others have mentioned)
You're right that this is disturbing. Poking holes into the security model in other to make the user experience more convenient is something companies do depressingly often. Here's an example that surprised me recently, if you activate your android phone by signing into a google account it ignores two-factor authentication and only asks for your password.
:) I didn't think it would make it this long without someone calling me out on that but you are 100% correct, rooting is not the right term for what happened since they did not actually control the account. Some might argue however, that since they took the liberty to allow everything possible that for all intents and purposes (except of course changing my password which would do them no good anyway) they had administrative access to my account.
Also, just to clear up what happened, I was asked to allow separate permissions for modern warfare 3 (much less lenient ones) and when i did that, psn also hopped on board and opened up everything (which I clearly did not authorize). I don't think that facebook has anything to do with this except for the fact that it is possible. I would hope that this sort of use of their service makes them unhappy.
I would take personally any app that asked me to allow certain rights and then piggybacked on every single possible right without notification. Some people don't care, I think it is an issue to bring to everyones attention. I'm glad you got amusement, hopefully some others got more.
Here's an example that surprised me recently, if you activate your android phone by signing into a google account it ignores two-factor authentication and only asks for your password.
Are you sure about this? Perhaps you have the "Remember this computer for 30 days" cookie around?
I saw your other comment that mentions your phone obeys 2Factor. Are you by any chance not running Ice Cream Sandwich? After I completely wipe my Galaxy Nexus it still doesn't ask for 2Factor. It doesn't even require an application specific password, it accepts my real password with no hesitation.
You've probably accidentally disabled the two-factor auth on your account. I strongly recommend checking.
My phone always asks for two-factor auth. In fact, I had to wipe my phone and re-auth, so I used one of the throw-away codes. When I re-init'd Google Auth app (which annoyingly requires disabling and reenabling two-factor auth, AND invalidates one time use keys), it immediately reprompted me to complete an oAuth cycle with the two-factor code for the core Google account on my phone.
I doubt Sony has the ability to do anything it wants with your account (It can't change your password, it can't revoke permissions of another app) so they haven't gained "root access" to your account.
I also doubt that Sony is hacking or getting this access through illicit means. Sony doesn't "root" your account through some sort of exploit, Facebook has most likely given them that access. (As a few others have mentioned)
You're right that this is disturbing. Poking holes into the security model in other to make the user experience more convenient is something companies do depressingly often. Here's an example that surprised me recently, if you activate your android phone by signing into a google account it ignores two-factor authentication and only asks for your password.
[edit, removed a patronizing paragraph]