Yeah.. we've avoided the de-authorization issue for a few reasons.. but agree, it's something we need to look into.
Basically, most of what we do right now is 'pulling' data from Facebook for the current user. Since that means the user has given authorization to do this, it's no big deal. If the user de-authorizes the app, then they specifically can't login through Facebook (or else they have to re-authorize) and therefore, our 'pulling' functionality will simply not work as if it's just a normal Joomla user.
Since we also create a normal Joomla user, we never liked the idea of blocking or deleting the account, because yes, it's an admin's choice. So, yes, I can see adding it at some point to give the a) and b) option. As for c), it's easy to implement as well, but much tougher because deleting the user from Joomla doesn't always do what you want it to do unless there are good User plugins for every extension to handle the delete. Most do this, but some don't which is where the problem would be.
Now that you mention it though, I like D) the best, and we'd probably make that default if we implement it.
If you need help implementing the de-authorize, just let us know. It shouldn't be that difficult, and again, something we'll probably add.. so if you're working on it, we can do it together and just get it ready for a future release.
Thanks,
Alex