Facebook: See friends of hidden profiles

Apparently facebook's autocomplete-script for the friends search returns data it's not supposed to.

Even hidden profiles's friends are revealed. All you need is the profiles uid, which is public.

<a href="/ajax/poke_dialog.php?uid=*****">(...)</a>

The url of the php script is:

http://www.facebook.com/ajax/typeahead_friends.php?u=*******&__a=1