It is apparent that any publicly available electronic forum or system connected to the internet with a large user community, such as e-mail, IRC, Twitter, and Facebook, will get hit by massive volumes of spam shortly after becoming popular. The choice is to either eliminate the problem or run out of users. Facebook is facing this now and needs to get its act together; Twitter went through this phase and took measures to minimize the effects of dodgy shortened URLs.
Spam is an electronic disease, and any online service that counts on being used by a large share of internet users must take proactive measures against it; yet to most online services it seems to come as a big surprise. Given the history of spam, this is nothing new, so why does it catch new services off guard once they gain user support?
One very strong driver of spam is also an extremely useful thing: URL shorteners offer a valuable service in compressing long URLs into short ones. When posting links, especially on services such as Twitter, the need for short URLs is evident. The problem is that many of these URL shortener services do not show the destination, and for them the huge challenge is to proactively check the submitted URLs in order to deactivate those which are used for spamming or lead to malware.
When blocking of URL shorteners abused by spammers starts kicking in, the market for safe URL shorteners will become a huge opportunity. Security companies that also offer URL shorteners, like Mcaf.ee [EOL...], have apparently seen the opportunity for new business. Their URL shorteners offer enhanced security, which is a step in the right direction for bringing down spam and supporting transparency of the destination domain.
Facebook and any soon-to-be-popular online services need to securely handle short URLs created by other, external websites. In fact, if they do not offer a secure shortener of their own, they should recommend alternative secure services and enforce the use of those that are secure. As with any kind of spam management, shutting the door on dodgy redirects and questionable links sends a clear message that they take security seriously. At the end of the day, being able to see the domain a link leads to isn't 100% safe either, but it is better than nothing.
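The kind of check a platform could run on a submitted short link, as an added example that is not part of the original post: it follows the redirect chain hop by hop, rejects loops, overlong chains and blocked domains, and returns the final domain so it can be shown next to the link. All names, the hop limit, the redirect table (standing in for HTTP `Location` headers) and the blocklist are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, urljoin

MAX_HOPS = 5  # assumption: longer chains are treated as suspicious

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def expand(url, next_location, max_hops=MAX_HOPS):
    """Follow redirects one hop at a time; return (chain, error)."""
    chain, seen = [url], {url}
    while True:
        target = next_location(chain[-1])  # Location header value, or None
        if target is None:
            return chain, None
        target = urljoin(chain[-1], target)  # Location may be relative
        if target in seen:
            return chain, "redirect loop"
        if len(chain) > max_hops:
            return chain, "too many redirects"
        chain.append(target)
        seen.add(target)

def review_link(url, next_location, blocked_domains):
    """Decide whether a posted link is shown, and which destination to display."""
    chain, error = expand(url, next_location)
    if error:
        return {"allow": False, "reason": error, "destination": None}
    for hop in chain:  # check every hop, not only the last one
        host = host_of(hop)
        if urlsplit(hop).scheme not in ("http", "https") or not host:
            return {"allow": False, "reason": "non-web redirect target", "destination": None}
        if any(host == d or host.endswith("." + d) for d in blocked_domains):
            return {"allow": False, "reason": "blocked domain: " + host, "destination": host}
    return {"allow": True, "reason": "ok", "destination": host_of(chain[-1])}

# Constructed sample data: each key redirects to its value.
SAMPLE_REDIRECTS = {
    "https://short.example/a1": "https://news.example.org/story?id=7",
    "https://short.example/b2": "https://tiny.example/zz",  # shortener chained to shortener
    "https://tiny.example/zz": "https://login.bad.example/reset",
    "https://short.example/c3": "https://short.example/c4",
    "https://short.example/c4": "https://short.example/c3",
}
SAMPLE_BLOCKED = {"bad.example"}

if __name__ == "__main__":
    for link in ("https://short.example/a1", "https://short.example/b2", "https://short.example/c3"):
        print(link, review_link(link, SAMPLE_REDIRECTS.get, SAMPLE_BLOCKED))
```

In a live service, `next_location` would issue a request that does not follow redirects and return the `Location` header; the displayed destination is only as trustworthy as the blocklist behind it.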