This is not about facebook not hashing credentials, it is that they appeared in internal logs.
Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers.
Source: Krebs on Security
Just one open source example … freeradius has an option to log passwords:
log { destination = files auth = no auth_badpass = no auth_goodpass = no }
Or another example: The apache web server has a module that dumps all POST data, with passwords, in plain text:
I don’t agree that this is “absolutely malice”, it could also be stupidity and forgetfulness.