I agree with you in principle, however you are ignoring the business value the external auth provides. Specifically there is a large subset of potential users who can not be bothered to sign up for your site via email, but will login with Facebook.
If you want to take advantage of this market then there are ways to use Login with Facebook without being wholly dependent. Basically if you have full account management, but you allow third-party authentication that ties into that account, especially allowing multiple OAuth providers to be linked to a single of your internal accounts (eg. see how Stack Overflow works), you can significantly mitigate the downside.
The purist and old-school web head and open standards guy in me hates it, but you can't argue with the business case for it.
>there is a large subset of potential users who can not be bothered to sign up for your site via email
There is a simple solution to this. STOP ASKING USERS TO SIGN UP! Do your REALLY need to collect the users e-mail? Do REALLY need them to have an account at all? If you do, then when they register don't ask for their e-mail address if it isn't necessary, or at least make the e-mail address an optional field. Hacker News never asked for my e-mail, because there is no need for them to have it. I probably wouldn't have made an account if it did require an e-mail address.
Sure, it's a trade-off, we probably just disagree about the level of risk involved and the benefits gained.
As you say with FB login there are ways to mitigate that risk, but to take one example - if FB charge for the service in future at 0.01c per use, many of your users will still want to login with FB because it's easier for them, and you'll be stuck with the bill. This happened with sites using google maps in 2012 when they started charging - each of these decisions has to be weighed up individually as a risk, but I think login is too important to delegate to another site and a significant addition of complexity and risk.
It's not one level of risk-reward, you need to take a look at your specific case to make the call. Formulating a blanket opinion about this outside of a specific context is not wise.
That said, your example doesn't demonstrate much risk at all. What are the incentives for FB to start charging for this? It just doesn't make any sense for them to give up that data and that control to try to squeeze existing site operators out of a buck. I mean, never say never, but the risk is much less than it was with Google Maps where you always had to be asking what Google was getting out of this expensive and difficult-to-build-your-own service.
If you want to take advantage of this market then there are ways to use Login with Facebook without being wholly dependent. Basically if you have full account management, but you allow third-party authentication that ties into that account, especially allowing multiple OAuth providers to be linked to a single of your internal accounts (eg. see how Stack Overflow works), you can significantly mitigate the downside.
The purist and old-school web head and open standards guy in me hates it, but you can't argue with the business case for it.