Facebook is likely to address this security issue in the future. Users should be careful to safeguard their privacy, as documented below:

https://www.pcmag.com/news/366918/facebook-doesnt-allow-phone-number-look-up-opt-out

Facebook won’t let you opt out of its phone number ‘look up’ setting

Facebook is facing fresh outrage over allowing everyone to look up users with a phone number. The default setting for phone number look up is ‘Everyone,’ and you can only restrict access to it rather than being able to opt out of the feature completely.

As TechCrunch reports, a tweet by Jeremy Burge on Friday raised alarm bells as it revealed Facebook won’t allow users to opt out of having their phone number used to look them up. It can be restricted to “Friends of friends” or just “Friends,” but the option defaults to “Everyone.” Even if you have no phone number listed on your user profile, a number used for two-factor authentication (2FA) will be associated and used for a look up search if it is available.

Facebook allows users to add phone numbers to their profile, but also encourages the use of a phone number for 2FA on their accounts. Last year, it was discovered that the social network was allowing advertisers to target users by uploading information which Facebook could match against a phone number. This included numbers provided purely to allow 2FA to work.

Facebook also acknowledged the concern by stating, “We appreciate the feedback we’ve received about these settings and will take it into account.” If you have a Facebook account with any phone number listed, be that for 2FA or otherwise, the only thing you can do to restrict its use for look ups is to change the setting from “Everyone” to just “Friends.” You can find the option in Settings under Privacy.