Is it safe and appropriate to include consumer key and secret in OSS desktop applications? That will make them publicly available on the Internet.
This, of course, would allow anyone to copy the credentials and use them in a different application. As long as Twitter tracks and deals with abuse by user rather than by application, that shouldn't be a problem, right? If it isn't safe or appropriate to include consumer key and secret, then what's the alternative?
