The 2.6 version does prompt user's for their email address. This is the recommended method from Facebook for asking for user's emails. There were other ways to do it in the past, but FB has constantly changed their attitude toward these alternative methods, so we're not planning on implementing them.
As for the logging in and swapping users, currently, we don't have a way to prevent this as we auto map the account to the Joomla user that is logged in. We recommend always logging out when you are done with your session, and making sure the session timeout is not overly long. The default for Joomla is 15 minutes.
For version 3.0 which will use the Facebook Graph API, which is being worked on now, we plan to overhaul and re-evaluate all possible issues like the ones mentioned here and provide either more options for configuring functionality, or making changes to default behavior as necessary.