Take a look at this CNN TechNews article on Facebook Friend padding.
This article has apparently nothing to do with AppSec. However, this paragraph caught my eye:
"After (Facebook User Zorn) had sent 180 friend requests in less than an hour, an automated note from Facebook popped up on his screen warning him to stop or he’d be kicked off the site."
I think is a excellent defensive coding technique from Facebook. A defensive technique like this would have stopped the MySpace SAMY XSS worm. Samy's worm esentially added friends to his profile so fast and frequently that it took down the global myspace cluster. This friend-adding “throttling” feature could have stopped or slowed down that attack.
This feature is a wise move that will not disturb the vast majority of users. Go Facebook for your appSec excellence!