Hey everyone, Everyone may know this already and I may have not been diligent enough, but this scenario came up today and the person who brought it to my attention said they see it a lot in many apps.
Basically, - I have an app http://www.twibs.com <http://www.twibs.com%20> (a directory of businesses on twitter) and am making "statuses/user_timeline/$nameofentity" calls for visitors to see recent tweets of the business entity. - A business user contacted me today and said their protected updates were showing up on twibs - This is because the user is following my application alias "@twibs" and I WAS using my twibs credentials to authenticate with the api - thus when I make the api call, the users protected updates are open to and were thus shown publically on my site So, if your application does something like mine, you may want to make sure you are using credential from another account so this scenario does not unfold. I am sure most of you studs (Jazzy Chad & Gang) already see this, but I didn't. Peter
