Thanx for this great article.

There's another potential place exposure of Twitter usernames and passwords: 3rd party interfaces and tools.

From what I've seen of Twitter's API, a developer creating a third-party user interface or third-party tools has to ask the user for his/her username and password to do anything involving information only the user can see.

This concerns me for two reasons.

One, as a Twitter user, if I want to use those third party tools/interfaces, I have to trust that those third-party tools are not maliciously collecting that information.

Second, I run a web development shop. We build websites for others, but we also like to dabble in creating tools/apps for things like Facebook and Twitter. We have several ideas for Twitter add-ons.

We'll have to take extra steps to protect any usernames and passwords we're trusted with to make sure they're not compromised, plus we'll have to take extra steps in marketing to make sure we establish trust with our potential users.

From what I've seen, if Twitter could implement something like I've seen used on Facebook, it would help with those kinds of concerns as well.