This is what worries, me. Facebook is buying up exploits? I know there's a steady supply, but without knowing what software they're referring to or what the exact nature of the exploit was, it's hard to know what to think. Privilege escalation, arbritary code execution or what? Was it in the OS or some application they themselves developed? If it's the OS, then that would be really disturbing.
But in terms of 0-day exploits, I believe there is a ready market for them if you know where to look, and are willing to pay.