We have never been informed of any security issues with JFBConnect in the file you mention, and it's been over 3 years since *any* security related issues have been reported or found in JFBConnect.
I can't guarantee you that no vulnerabilities exist, but there are none that we are aware of or that have been fixed recently.
As for your description of the issue, JFBConnect does not use or install a file in the path of:
/components/com_jfbconnect/index.php
If there was an 'index.php' file in that directory, it wasn't put there by JFBConnect. Additionally, no features of JFBConnect expect an index.php file in that directory and our code wouldn't normally try to execute that file.
The only files that should be in the /components/com_jfbconnect/ directory are:
autoloader.php
controller.php
jfbconnect.php
I hope that helps explain more about JFBConnect, but if you need anything else or have any more information on this issue, please let us know.
Thanks,
Alex