Here’s the eerie thing about Facebook’s supposed week of security woe. The overwhelming majority of its users either couldn’t care less or choose to ignore the fuss because there is nowhere else for them to go.

Facebook reportedly has over 500 million user accounts, up from something over 400 million last September, which hardly sounds as if the site is experiencing an exodus. Against that the ‘We’re Quitting Facebook’ movement can cite 16,090 users who are heading for the virtual door on the appointed day of protest, 31 May.

It might be a symbolic protest punching way above its numbers, but it is still remarkably small given what look like justified concerns.

The Facebook security issue has a number of layers of worry. It’s hard to work out which of these is the biggest threat, long term. I suspect it is not the predictable rise of rogue apps trying to lure people to malware because that is almost unavoidable and can be controlled with diligent policing.

The best example of this is the sizable distracting beach babe attack of recent days. The Internet is full of this kind of stuff and the issue for Facebook is really about not allowing criminals to exploit the implied web of trust that the service is supposed to offer. Its business model depends on enabling third-party apps so this is always a risk.

Next up are actual software flaws in the service itself, including one from last week that allowed unauthorised individuals delete Facebook users’ friends. This is a pretty basic hack of the sort seen on all services from time to time.

The third and potentially most serious layer is how Facebook itself handles user data and to whom it gives access, and how it explains all of this to its users.

The accusation is that Facebook’s privacy controls are too complex, that is shares data with third parties without explaining that it is doing this, and even that the service can be incredibly difficult to drop without the user leaving indelible traces behind them.

Facebook’s perfect storm is to have experienced all of the above in the space of a few days, although CEO Mark Zuckerberg will imminently announce an overhauled privacy setup.

The bald fact about Facebook, and social networking sites in general, is that they weren’t built to be particularly private. They were also built to be free at the point of use, which relegated the users and their concerns down the worry scale.

This is and always has been, the issue at the heart of the Internet. If you don’t pay, you will tend not to be consulted and change to the service will happen without you being asked about it in advance. Now add hundreds of millions of users to the mix and the scale of this assumption starts to looks naive. The bigger something gets, the more its deficiencies become magnified.

My main is to remember that Facebook’s size and power should give users cause to think through its value carefully. If its attraction is as a walled garden from the badness of the Internet then remember that the same wall can also stop people getting out as well as in.

Most of all, remember that Facebook is not compulsory. The risk it presents is a choice, including believing whether its founders are sincere.