OAuth poses a very real risk for any downloadable application. Think
TweetDeck. Think Tweetie. Etc.

I'm not an expert at OAuth, but if my understanding is correct, then
an application will either have to include its Consumer Key Secret in
its compiled code (which most will probably do), or dynamically
request it from its host server (which breaks offline usage).

Now, will there be hackers and scammers that will decompile
TweetDeck's code to get their grubby hands on its Consumer Key Secret?
You bet your bottom dollar there will be. Many.

Once they have that, they can spam the living shits out of Twitter,
and there is nothing, NOTHING, Twitter can do to stop it.

TweetDeck cannot request or generate a new Consumer Key Secret,
because that breaks all its currently installed apps.

Twitter cannot block by app because they will disable all legitimate
TweetDeck users. And they cannot block by IP address, if the scammers
are clever in their use of proxies.

Just a thought...

Dewald
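To make the mechanism behind the post concrete, here is an added example (not code from the post, Twitter or TweetDeck) of OAuth 1.0a HMAC-SHA1 signing and server-side verification. The consumer secret is part of the HMAC key on every request, so the server can only check that a request was signed with that secret, never which copy of the binary produced it. All key, secret and URL values are constructed; the user token secret is left empty for brevity.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

# Constructed sample values; not real Twitter or TweetDeck credentials.
CONSUMER_KEY = "tweetdeck-demo-key"
CONSUMER_SECRET = "tweetdeck-demo-secret"  # the value that ships inside the binary
API_URL = "https://api.example.com/1/statuses/update.json"


def pct(value):
    """RFC 3986 percent-encoding as OAuth 1.0a requires (only unreserved chars kept)."""
    return quote(str(value), safe="~")


def base_string(method, url, params):
    """Signature base string: METHOD & encoded URL & encoded, sorted parameters."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string; the consumer secret is half of the key."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def build_request(status, consumer_secret, nonce=None, timestamp=None):
    """Client side: exactly what any holder of the consumer secret can produce."""
    params = {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_nonce": nonce or secrets.token_hex(8),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
        "status": status,
    }
    params["oauth_signature"] = sign("POST", API_URL, params, consumer_secret)
    return params


def verify(params, consumer_secret_on_file, token_secret=""):
    """Server side: recompute with the secret on file and compare in constant time.
    Nothing here distinguishes the genuine client from a copy holding the same secret."""
    presented = params.get("oauth_signature")
    if presented is None:
        return False
    unsigned = {k: v for k, v in params.items() if k != "oauth_signature"}
    expected = sign("POST", API_URL, unsigned, consumer_secret_on_file, token_secret)
    return hmac.compare_digest(presented, expected)
```

Rotating the secret on the server (the second assertion below) is the only lever that rejects a copied secret, and it rejects every legitimate installed client at the same time, which is the dilemma the post describes.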
