The twitter screen name is less of a concern, yes John. But a Twitter username can take an email address also, which isn't information otherwise provided by the API and is personally identifiable and especially dangerous when stored in conjunction with a password. A screen name, in context with data we return to you falls under our rather liberal caching policies -- you get the screen name along with the user id as a response to a valid access token request.
Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Tue, Apr 27, 2010 at 3:28 PM, John Meyer <john.l.me...@gmail.com> wrote: > On the xAuth page you say "Storage of Twitter usernames and passwords is > forbidden". Now given that you don't want applications needlessly querying > the system and you've encouraged caching of information that isn't likely to > change overtime (such as a username, screenname, etc), would I be incorrect > in presuming that you are more focused in not having the password stored > than the username? >