This is not a security hole. This is a feature. It's the way OAuth is designed.

Should Twitter make it clearer how applications are posting to your account, and make it easier to see and revoke tokens? Sure. But they already do that, just maybe not as clearly as you'd like.

