Somehow, I missed the news (last year) that Facebook allowed you to upload your PGP key. By default, this only becomes part of your profile, so that others can look up your key. There is a checkbox, though, which will cause Facebook to PGP-encrypt any sensitive account-related email to you.

You can tell Facebook your key here.

From The Guardian:

Facebook is offering users the ability to encrypt password reset emails for the first time, using the popular PGP email encryption standard. Users who want to take advantage of the new security standards can tell Facebook their public key, and the site will then ensure that any sensitive emails that it sends out, such as password resets or other notifications, will be encrypted. The company will also cryptographically sign messages it sends, which allows users to verify that the sender genuinely is Facebook.