
What people don't understand about OAuth - davewiner
http://scripting.com/stories/2010/09/11/peopleDontUnderstandOauthB.html
======
gojomo
It's Twitter's decision that each 3rd-party gets full "be you" permissions;
they could choose otherwise and still use OAuth.

And the fact that everything done by a bad actor can be attributed to them --
for reversal or blanket punishment -- does add a lot of security, in addition
to the party-at-a-time revocability.

