The commenter didn’t make that “false equivalence.” Their point is that there are valid reasons a user might want to allow an application to access their messages.

For example, reddit’s API allows applications to access messages, which is useful for third party clients.

But someone could pay you for your exported Facebook data (which can include data from friends such as your message history, etc). From my understanding, this is essentially what CA did. CA just obfuscated they were doing this by using the Facebook developer program to automate this process and Mechanical Turk to pay users to give them their data. I agree the Facebook developer program made it really easy to phish for this data.