just another question: is there already, or maybe planned for the future, an overloaded function like openSession(username, password) to login the facebook account? So the username and password could be stored in the database and it would not be necessary to enter it every time the app is connecting to facebook.
the Facebook plugin (and the official Facebook SDK) is designed to perform all login activity with Facebook Single Sign On, meaning that a user only needs to provide his credentials once and authorize your game for every requested permission. After the first login a token is saved within your app bundle which can then be used to re-open an old session without leaving your app when calling the openSession method. So you don’t have to save username and password on your own (most users probably won’t provide you (as 3rd party app developer) their details at all).
Are there any problems with this approach to your mind?