The new approach is running into some criticism from critics, who say that the defaults on the new policy open up the availability of the information, which means the user needs to take specific action to restrict access. Some feel it should be the other way around.
Others point out that Facebook had touted the new policy as tightening the security around individual privacy, but that the policy tends instead to extend availablility, in some cases to the entire web.
Maybe there is a need for some tweaking. Here's one take on the situation.