The user doesn’t manipulate the EM spectrum with his mind, but through user agent hardware, firmware, and software. The client stack necessarily has the same access he does.
Yes, so it might be OK for software written by a third party to access FB with the second party's authentication and privileges, when running on the second party's device.
But that doesn't make it OK for that data to be stored on the third party's servers or be otherwise available to the third party.
