Users who use specific apps could find the security of these compromised.
Update: Oct. 3
Mike Isaac and Kate Conger of the New York Times say that the Facebook hack has placed many user accounts at secondary sites at risk. The problem is that many subscription or donor-supported sites allow sign-in through Facebook. It's possible that credit card or PayPal info could be stolen, but there is no evidence yet that this has actually happened.
CNN has a speculative article noting that it took Facebook eleven days from Sept 16 to close the leak. It is unclear how much damage it could really do.