I agree that Twitter needs to do a better job at showing what activity an app is doing on your behalf via OAuth. With Fire Eagle we show latest updates / use per authorized application.

Calling them connections is confusing. And they don't provide any audit of what these applications have been doing. It'd also be good if there were a note / link from the password reset page to the connections page.

But this is a relatively minor UX change. Not a security problem in OAuth. We should be following best practices. Which I did with my implementation.