Stanford CIS

Facebook's Security Screening

By Ryan Calo on

UPDATE: Facebook explains the security procedure here. Apparently they only use photos if you have not set up another verification means. Also, I have confirmation that the photo identification is not being done for a secondary purpose.

I recently tried to sign on to Facebook from a coffee shop. I was told that I had to pass a security screening because of the "strange location." Fair enough. The actual test, however, was surprising. It consisted of a multiple-choice exam where I had to identify who was in a given picture.

A couple of things. First, some of the pictures were embarrassing. I doubt the person who uploaded them thought they would be used to screen for improper access. Think about it. Facebook is showing random private photos to people because it suspects they may not be the account holder. The photos must be private because they form the basis of a security screening.

Second, there were something like seven questions. I cannot imagine why so many would be necessary. Is Facebook trying to crowd-source the effectiveness of its tagging system à la reCAPTCHA? Who knows. [Author's note: Facebook assures me that they are not.]

I doubt anyone is hacking Facebook accounts from a coffee shop in order to sneak a peek at random photos. [Author's note: Several people have pointed out that the alternative is to simply let people in to the full account. That's true.] But recent events mean that Facebook must be like Caesar's wife: above suspicion.

Published in: Blog, Security, Privacy, Notice by Design