Twitter should really in this case either white list all GAE IPs (I'm sure an email to Google could get all IPs they use) or allow charging API requests to an authenticated account rather than by IP (much like the REST API does). This way each GAE application would just set up a twitter account and each gets its own 150 request per hour.
Josh
