You're both right, if you talk about different sorts of risk. There's far more chance that you'll get authentication wrong than Facebook -- and that's a risk. It's probably more likely that your authentication service will go down than Facebook's. But if it's all yours then Facebook has no control over you, so that's one less risk.
As for which risk is the most important risk, well, that's up to your business to decide. But nothing is without risk, all you can do is choose which to expose yourself to.
As for which risk is the most important risk, well, that's up to your business to decide. But nothing is without risk, all you can do is choose which to expose yourself to.