Almost certainly (thanks, Dave!).
It's quite amazing that Facebook have made such a trivial error in their security architecture. It could be just as trivially fixed (by preventing searches having access to information that would not be displayed to the searcher). We will see how seriously Facebook take their users' privacy by how quickly they do this.
In general, I don't think it's a good idea to put information into social networking sites like Facebook that you wouldn't be happy for your parents, employer and local police to read…
UPDATE: Excellent post from Lilian on the legal implications.