I think all messages posted from the API should require a source name, or at least default to "api" instead of "web"
Many apps, like the recent Twply scam, post messages/ads to twitter on behalf of their users, tricking friends into thinking it is a legitimate hand-written post. So if ONLY posts made via twitter.com had the source of "web", it would be more clear to twitter users that other sources may not be hand-written posts from friends, and possibly lead to less viral scams.
