Is it proper to be informed that I entered an old password

  1. It is fairly common to keep a password history in an authentication system. Remember, they are storing hashes/representations of your password, not your actual password, and are comparing against those, so there is not a lot of risk of exposure or social engineering here. I guess there is a small risk here: if an attacker is intercepting your network traffic and is MiTM (even on SSL), he will see your password and now it's an old one, and can assume you are using the password on other sites. However, if your traffic is already being intercepted they will see the new password as well, and probably all of your other traffic.

  2. The prompt saying when you changed the password does not pose a real security risk. This is so that you can determine whether the last password change was performed by you. If you don't remember changing your password at that time, you should make sure to change it now and figure out how you were compromised. As for the local network or computer, it's probably just using your public IP address; if you are behind a home router (using NAT), all of your computers will appear to the Internet as the same IP. I am actually surprised it doesn't tell you your password was changed from another PC or network; I've seen Google warn me about attempted logins from IPs in other countries.

I am not sure where the social engineering issue is in this scenario - are you being asked questions like "What high school did you go to?" as a challenge question (e.g., something public or part of your Facebook profile?).
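The password-history mechanism the answer above describes, as an added example that is not part of the original answer or of any product mentioned: each retired password is kept only as a salted scrypt hash together with the date it stopped being current, a login attempt is compared against the current hash first and then against the retired ones, and the "you entered an old password" message carries the replacement date. The same stored history also rejects reuse of an old password at change time. The record layout, the `keep` limit, and the scrypt parameters are this example's own choices, and the dates are constructed sample values.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# scrypt cost parameters chosen for this example (n=2**14, r=8, p=1);
# a production system would tune these to its hardware budget.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


@dataclass
class PasswordRecord:
    salt: bytes
    digest: bytes
    set_at: str                    # ISO date the password was set (constructed sample data)
    replaced_at: Optional[str] = None  # ISO date it stopped being current, once retired


@dataclass
class Account:
    current: PasswordRecord
    history: List[PasswordRecord] = field(default_factory=list)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted scrypt hash; only this digest is ever stored, never the password."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def make_record(password: str, set_at: str) -> PasswordRecord:
    salt = os.urandom(16)  # fresh salt per record, so equal passwords hash differently
    return PasswordRecord(salt=salt, digest=hash_password(password, salt), set_at=set_at)


def matches(record: PasswordRecord, password: str) -> bool:
    # constant-time comparison of the recomputed digest against the stored one
    return hmac.compare_digest(record.digest, hash_password(password, record.salt))


def change_password(account: Account, new_password: str, now: str, keep: int = 5) -> bool:
    """Rotate the password; refuse any value still remembered in the history."""
    for rec in [account.current] + account.history:
        if matches(rec, new_password):
            return False
    retired = account.current
    retired.replaced_at = now
    account.history.insert(0, retired)
    del account.history[keep:]          # bound how many old hashes are retained
    account.current = make_record(new_password, now)
    return True


def check_login(account: Account, password: str) -> Tuple[str, Optional[str]]:
    """Return ('ok', None), ('old_password', replaced_at) or ('denied', None)."""
    if matches(account.current, password):
        return "ok", None
    for rec in account.history:
        if matches(rec, password):
            # the feedback the question describes: which old password, and when it changed
            return "old_password", rec.replaced_at
    return "denied", None


if __name__ == "__main__":
    acct = Account(make_record("correct horse", "2023-01-15"))
    change_password(acct, "battery staple", "2023-06-01")
    print(check_login(acct, "battery staple"))   # ('ok', None)
    print(check_login(acct, "correct horse"))    # ('old_password', '2023-06-01')
    print(check_login(acct, "something else"))   # ('denied', None)
```

Note that the "old password" branch is only reachable after the full hash comparison, so the stored history reveals nothing about a password that was never the account's; it only confirms what the legitimate user already knows.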


I'd say it becomes a tradeoff - what is the risk of an attacker getting in with an old password, getting the message, getting a channel to the legitimate user, using a social engineering attack to get the legitimate password versus the risks/costs associated with users not getting this reminder, and instead contacting tech support, or forcing a password reset when a reminder would have helped.

I suspect in this case, it worked out that the benefits of the reminder outweighed the additional information. Particularly since it is likely that getting an old password for a user is as easy as getting a new password, so why spend the time getting to this message if you can just hack into the account?