The authentication sequence and low-level communication is actually quite straightforward. Authenticating needs an embedded instance of Internet Explorer to handle the login (because it's all done via web pages), but that only takes a few lines of code to achieve. Retrieving data is also reasonably easy to achieve and the Microsoft Scripting API works quite nicely for decoding the JSON. So far so good.
The fun part is then making sense of everything. What I want to do is grab the news feed and display that (later on I intend to filter it, but for now I just want the lot). Unfortunately the news feed returned is missing a fair number of updates (like any status updates made through the website). Except when it contains updates that aren't on the actual Facebook webpage. And the objects are missing fields that are specified in the documentation (like, for example, the name field on photos). Except when the fields are actually present with different names. Except when the information needed isn't available at all, despite the Facebook website showing it.
Oh, and I lied about the authentication being straightforward. It involves a maze of twisty permissions, all unclear.