I guess I was curious more along the lines of authentication-- the data itself I would guess is simple, but I have no idea how the authentication works. I assume it works in correlation with Facebook to get the initial authentication going, and from then on sends an identity token of some sort with each request? Not that it couldn't do its OWN bizarre auth protocol each time if it felt like being nasty!
Anyway, that's the part I would assume would be tricky? To initiate it for Farmville in particular, I would think you'd need to be able to log into Facebook automatically (no idea how hard that is, but probably not easy), replicate the cookies, and possibly traverse some oddities with the remote server until you got a valid token to pass. Is there anything out there that will auto-login to Facebook via an API? I admittedly haven't even so much as Googled it (shame on me!).
The flipside might be a bit easier, but require some manual effort, like logging in manually, and copy/pasting the already-validated cookie into your code (along with other potentially necessary info like the USER_AGENT, and so forth, that they might use to double-check. That's relatively simple; it's just not quite as automatic.
As for banning, I guess it depends on what you're doing with it. I've never played Farmville, but for other games I've played there's a limit to how much you can do. So having a bot log in to play for you probably isn't too bad, unless there ISN'T a limit. It'd be more like having a bot play for you while you were away on vacation, or to make sure you didn't forget to do your daily routine.
The other banning potential is of course if you're making false accounts and having bots play them. That's against the rules for Facebook, and possibly other sites as well.