I once caught a thief who stole my Nokia MS Windows phone using this feature. Apparently they didn't reset the phone in the start, but put their sim in, and some of their SMS started syncing to my other phone before it occurred to them to reset. One of the message was a Facebook password reset helper message, which had the clear phone number and link to a page which had instructions on how to reset the password. Clicking on that link, also set a cookie IIRC on my laptop, Facebook started showing their DP as one of the options to login (it would still ask for their password so I was not able to log in to their account). Their DP URL has their user ID embedded in it which was enough to find their profile. Turns out they were friend with another person who was in my college (and where my phone was stolen from). We caught that person, involved the university administration, and made him give us the phone back. It was the whole scandal for a while. University expelled that person later on. (Going to police was not really an option since this was in India, I wanted to resolve matter on my own if possible even when I had phone number).