Facebook now allow iframes to be included inside Facebook apps on page tabs. This means that all that Facebook proxying can be avoided. While this is great news for legitimate developers it will undoubtedly make life for those with malicious intent much easier too. No more likejacking required, no more having to persuade users to install your app, if a criminal can make the bait sweet enough just get you to visit the page, that is all they will require to start the chain that leads to your computer being compromised and used for criminal purposes.
Source: https://thehackernews.com/2011/03/javascript-hole-in-facebook.html