I've been digging around in the internals of the Facebook Touchpad app, and have found a few things.
Originally Posted by Grabber5.0
1. The key and secret are stored in files in the "keys" folder of the app.
2. The auth servers are stored in plaintext in the RestApiService.jsjsjs $file$ $in$ $the$ &$quot$;$services$&$quot$; $directory$ $in$ $the$ $app$.
3. The FacebookApiService.jsjsjs $file$ ($also$ $in$ &$quot$;$services$&$quot$;) $has$ $a$ $spot$ $for$ $an$ $access$ $token$, $however$ $entering$ $one$ $manually$ $does$ $nothing$.
I'll see if there's anything else that I can mess around with, but hopefully this can kickstart someone who knows what they're doing to do something. I think that it would be easier to fool the Touchpad into thinking that it's already logged in than to recreate the authentication system.