Another advantage to IFrames is that it makes porting your app to OpenSocial easier. The two platforms seem to be converging recently: Facebook enhancing their Javascript APIs, and OpenSocial building their REST APIs and working on an equivalent for FBML.
Got a link about OpenSocial getting closer to the Facebook model? OpenSocial have always had REST APIs, did they start to call your servers like Facebook does?
Funny how Facebook drifts toward the architecture OpenSocial used for integrating 3rd party apps from the start: javascript-heavy client making calls to the platform API and (optionally) to the application's own servers.
FWIW your first two issues are addressed on the post. <fb:serverfbml> can be used for extended permissions and some other js provided by FB for automagic iframe resizing.
I agree with your point though, I think not requiring FBML apps to reload all the FB chrome would be a better solution. He mentions that this is in the plans at the end.
<fb:serverfbml> came out 30 days ago. That's about six months after you could do extended permissions stuff in fbml. In my book, that's a second class citizen.
The resizing code for iFrames is broken. I've talked to Facebook's engineers about it. They know it. The reality is that it is nasty, tricky, hacky code that is hard to get right and harder to keep running. It runs directly into the weakest part of cross-browser javascript wizardry: the DOM and dynamically resizing divs. Their advice was to avoid it.
Look: I built an iframe app. It was the right thing to do for my business. But it is in Facebook's interest for fbml to always be a little more functional and at least a little better.
