Here are the changes launched today, 2009-01-12: Fixed: some methods were defaulting to JSON when no format was specified. A format must be specified for all API calls.
Security: it was possible to discover the currently logged-in user via an unauthenticated call to the /statuses/user_timeline method. This is a potential privacy concern, and was disabled. Fixed: Atom feeds for timelines incorrectly reported all user profile pictures as image/png. This may take up to a day to propagate through all of our caches. Fixed: Requests with &id= and no value returned a user rather than an error. Now an error is returned. As always you can review changes by checking the change log at http://apiwiki.twitter.com/REST+API+Changelog. Thanks; — Matt Sanford / @mzsanford
