I wouldn't touch an unsigned Java jar file right now. There's some nasty Java malware flying around; here's the current vulnerability report.
Why not? It would be unexpected for an entity as large and pervasive as Facebook to have not signed their tools.
If you performed this download yourself from Facebook — that you did not acquire this Java jar from any source other than directly from Facebook — then I'd send a note to the Facebook folks and ask them how to verify the file and the set-up, and to specifically ask why they're not signing their tools. Or what went wrong here.
If you really want to run this stuff, then you can use System Preferences > Security to override the requirement for signed applications; here are some details on Gatekeeper (HT5290).
Some of the Java malware that's around is reportedly ransomware — it encrypts your data, and then ransoms it back to you.
Here is a related note on disabling the Java browser plug-in, though that should be automatic on recent OS X releases.