> Anytime you enter your credentials, regardless of where, you open
> yourself to being snooped.  I believe that is far less likely when
> communicating with YOUR app on YOUR computer, than it is via a browser
> over the open Internet to a 3rd party that may or may not be who you
> think it is...

Supporting this option though Twitter is dependent on the security
procedures of every 3rd party to maintain the integrity of an account.
With OAuth, at least, should an individual 3rd party have their security
breached, then access to just that 3rd party can be terminated.

Also, with basic auth, developers are required to store passwords in
plain-text (or at least in some retrievable form) and, as someone else
has already pointed out, with the propensity for users to use the same
password on many services, this exposes them to undue risk from a
breach of a 3rd party or via a malicious developer.

I'd sleep much easier at night if I didn't know anybody else's
password; I'm sure the Twitter team would prefer if only a user knew
their own password too.
--
Glenn
http://glenngillen.com/
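
The per-client revocation argument in the message above, as an added example that is not part of the original post and is not Twitter's API. It is a simplified model of delegated tokens rather than the OAuth protocol itself; the class, function, user and client names are all constructed for illustration.

```python
import hashlib
import hmac
import secrets


class TokenIssuer:
    """Service-side store of per-client delegated tokens (hypothetical model)."""

    def __init__(self):
        # (user, client) -> SHA-256 digest of the token; the raw token is never kept
        self._grants = {}

    def authorize(self, user, client):
        """User approves `client`; return a fresh random token for that client only."""
        token = secrets.token_urlsafe(32)
        self._grants[(user, client)] = hashlib.sha256(token.encode()).hexdigest()
        return token

    def check(self, user, client, token):
        """Validate a presented token against the stored digest in constant time."""
        stored = self._grants.get((user, client))
        if stored is None:
            return False
        presented = hashlib.sha256(token.encode()).hexdigest()
        return hmac.compare_digest(stored, presented)

    def revoke(self, user, client):
        """Cut off one client without touching the password or other clients."""
        return self._grants.pop((user, client), None) is not None


def breach_scenario():
    """Constructed scenario: one of two authorized third parties is breached."""
    issuer = TokenIssuer()
    tokens = {c: issuer.authorize("alice", c) for c in ("photo-app", "stats-app")}
    # photo-app is breached and its token leaks, so only that grant is revoked
    leaked = tokens["photo-app"]
    issuer.revoke("alice", "photo-app")
    return {
        "leaked_works_for_breached_client": issuer.check("alice", "photo-app", leaked),
        "leaked_works_for_other_client": issuer.check("alice", "stats-app", leaked),
        "other_client_unaffected": issuer.check("alice", "stats-app", tokens["stats-app"]),
    }


if __name__ == "__main__":
    print(breach_scenario())
```

Because each third party holds a random token scoped to itself, what leaks in a breach is not a password the user may have reused on other services, and the service side only needs to keep a digest of it.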

