In September of last year, Facebook started to allow its users to store credit card information on the social network directly. The purpose is to allow its users the ability to autofill their credit card information during checkout when buying anything through Facebook.
Anyone with access to your phone could start buying items through Facebook. Since most people remain logged in to Facebook all a person needs to do is find a phone with someone already logged in and they can start making purchases.
Another risk is for the people that get their Facebook account hacked. There are many gimmicks swimming around on Facebook that trick people to give up their login information. If this were to happen to someone with credit card information stored on their account, a hacker could figure out a way to take advantage of the data stored.