If the user uses Facebook login they're already showing they trust Facebook. This just means they don't have to also trust every app developer. Also Facebook obviously can't see what your service stores against that anonymous (to you) user, so there's no real data leakage here. Your solution only works if you don't need a login at all - if you do is anybody else offering anything like this? As a user it sounds great.