In a nutshell? Facebook says don't do it unless you want to get sued.
"This practice undermines the privacy expectations and the security of both the user and the user's friends," Erin Egan, the site's chief privacy officer, wrote Friday on the site's Facebook and Privacy Page. "It also potentially exposes the employer who seeks this access to unanticipated legal liability."
Egan said that Facebook has seen a "distressing increase" in reports of job candidates being asked for their passwords over the past few months. She notes the practice violates not just the user's privacy but also that of his or her Facebook friends.
It also might violate employment laws, according to the post.
"(W)e don't think it's right the thing to do," she said. "But it also may cause problems for the employers that they are not anticipating. For example, if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.) that employer may open themselves up to claims of discrimination if they don't hire that person."
Earlier this week, the American Civil Liberties Union spoke out against the practice. The group said they've gotten multiple reports of people either being asked for their passwords or required to "friend" managers when they were applying for jobs.
Robert Collins of the Baltimore area had to take a leave of absence when he was told he needed to hand over his password to prove he had no gang affiliations.
"I did not want to do it, but because I really needed my job and he implied that this was a condition of recertification, I reluctantly gave him the password," he told Maryland lawmakers, who are considering outlawing the practice. Collins testified before the Maryland Legislature in February that he was trying to reapply for his corrections officer job after taking the leave of absence.
In her post, Egan said that Facebook will consider going to court if it hears of the practice continuing.
"Facebook takes your privacy seriously," she wrote. " We'll take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges."