Hi Peter, I agree, that's why I said at the top of this post "Twitter has a gaping security hole." There is nothing to suggest that OAuth itself is flawed - nor is it less secure than giving a random site your password. I'd much rather use OAuth. But if someone does have your password, and uses OAuth before you have a chance to change it, they will still have access to your account even after the password has changed. I haven't exaggerated anything. Create a dummy account and try it for yourself if you don't believe me. T