On 4/27/2010 4:38 PM, Taylor Singletary wrote:
The twitter screen name is less of a concern, yes John. But a Twitter username can take an email address also, which isn't information otherwise provided by the API and is personally identifiable and especially dangerous when stored in conjunction with a password. A screen name, in context with data we return to you falls under our rather liberal caching policies -- you get the screen name along with the user id as a response to a valid access token request.
but you're more concerned with the two being stored in such a manner (i.e. together) that a person could use that information to access a Twitter account outside of the oAuth? and as far as the e-mail is concerned, a lot of sites also register their users through e-mail addresses on their own.