So, I after spending the day looking through documentation, developer's discussion and testing various OAuth code bits, it is my understanding that there is no secure OAuth solution for open-source PHP developers. But, the August 16th deadline is still looming. And I have to be able to integrate, test, and distribute my app; with enough time left over for my user base to upgrade their sites with the new OAuth version.
So, my intention then is to integrate my app with the well documented PHP solutions for integration, which all use the consumer key and secret openly in the source code. This means that anyone who would like my app's consumer secret (or would like to build an app that masquerades as my app) will be able to download my app read through the source code and easily copy and paste the consumer secret out of the source code. This doesn't seem very secure.... or secret to me. Am I missing something??