if a twitter App's Consumer key and secret were leak out, is it possible to gain a user's access token without a user authentication process ?
I am writing a opensource desktop client and has implemented OAuth for it. However, I don't know is it suitable to put my key and secret in the source? Are there any risks if i do that? Thx :)