
Is the password sent to Facebook or does it never leave the client? (Genuine question - I have no idea how modern web apps do authentication)



In the case of a username/email + password login, the password is sent to Facebook. Code on their end uses a one-way encryption to turn it into a unique value that's compared against a value they stored in the database when you set your password. As long as the one-way encryption is done with the same values, the two passwords match, and FB knows that you've typed the correct password without them having to store your plain-text password in their database.

Some insecure websites (not Facebook) may not do this, and instead store your credentials in a database without encryption. It's a terrible idea, and GP's comment seemed to be referring to this when they (correctly) suggested that no one should have access to a database of plain-text passwords.

The replies mostly refer to the fact that even if the password never hits FB's database, there is still code running on authentication servers that handles that password in plain text before it's been encrypted. Limiting engineer access to authentication servers is a good idea, but it'd be challenging to prevent ALL engineers from having access.
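The flow described in the comment above (server receives the plaintext, derives a salted one-way value, stores only that value, and recomputes it on the next login) can be shown end to end in a few lines. This is an added illustrative example, not code from Facebook or from the commenter; the algorithm choice (PBKDF2-HMAC-SHA256 from Python's standard library), the iteration count, the record format and the in-memory user table are all assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Assumed parameters for this example; a real deployment picks its own
# (the page does not say what Facebook uses).
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Derive a self-describing record 'algo$iterations$salt_hex$digest_hex'.

    Only this record is stored. The plaintext exists briefly in the process
    that handles the login request and is never written to the database.
    A fresh random salt per user means two users with the same password
    get different records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the derivation with the salt and iteration count taken from
    the stored record, then compare in constant time. Same inputs give the
    same output, so a match proves the right password was typed without the
    server ever keeping the plaintext."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        iterations = int(iters)
    except ValueError:
        return False  # malformed record: never treat as a match
    if algo != ALGO:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


# Constructed in-memory "user table" standing in for the database:
# username -> stored record (never the password itself).
USERS: Dict[str, str] = {}


def register(username: str, password: str) -> None:
    USERS[username] = hash_password(password)


def login(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        # Do the same amount of work for unknown users so response time
        # does not reveal which usernames exist.
        hash_password(password)
        return False
    return verify_password(password, record)


def record_contains_plaintext(username: str, password: str) -> bool:
    """Sanity check for the claim in the comment: the stored value must not
    contain the password in the clear."""
    return password in USERS.get(username, "")


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print(USERS["alice"])                                   # algo$iters$salt$digest
    print(login("alice", "correct horse battery staple"))   # True
    print(login("alice", "wrong password"))                 # False
    print(record_contains_plaintext("alice", "correct horse battery staple"))  # False
```

The point the thread's replies make still holds here: `login()` receives the plaintext as a function argument, so whoever can run or debug that process could observe it even though the database only ever holds the derived record.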


It is sent over the wire.



