> The criticism only applies to users who reused their passwords on other sites, because Edward can still attack those other sites.

Of course, but that's a weakness that concerns the user, not the platform.

It is not a flaw of Facebook's security model.