..like temporary passwords for instance. Say you are at your college library or airport and are leery about the security of the network, you can text FB to send you a temporary PW. It works for 20 minutes -then it expires. So, even if you “forgot” to log off, it would log you off after 20 minutes. Also, key-loggers aren’t normally “instantly” used. So by the time they are “put to use” your password has already expired.
Now, mind you if your phone gets stolen(say by a curious spouse) and it isn’t locked, then the thief could send a text to retrieve your PW and peek in. Or, if it is a real thief they have a short window of time to change your email address and phone number on the FB site to something that they have control over. But, I am guessing that would not be top priority usage for a stolen phone.