Hacker News

I usually don't like it when people say "trust me", but I'm going to just this once: Trust me, security in a distributed social networking app is most definitely not a straightforward technical problem.


Most of the security problems that have been criticized in the articles have straightforward solutions.

That said, you're right that there are a host of security problems that people will find out about once everybody starts using it in a distributed fashion. These are the ones I'm really interested in, too.

A pretty broad document on their security architecture: http://github.com/diaspora/diaspora/wiki/Security-Architectu...


I'll up it one further and repeat what I said in the previous diaspora thread: Their architecture has bigger problems than mere security holes.

The idea of basing a distributed social network (solely) on "fat hyper-peers" is flawed.

Apart from the countless organizational issues there is simply no way to establish trust (in the cryptographic sense) in such a design. End-to-end trust can only be created when the users run their own nodes that hold their own private keys. And no, these nodes don't have to be always-online for such a system to work.

All I can see in the diaspora architecture is a strong case of "When all you have is a hammer then everything starts to look like a thumb".

If you want to see a more realistic approach then look at FreeNet. They have pretty much everything in place that would be needed for a distributed social network, but they burdened themselves with the requirement of anonymity.

Rip that part out of their codebase and there you have the first (and fundamental) half of your distributed facebook.



