We just updated our Twitter plugin for WordPress to use the new OAuth
API. Someone just asked if it was safe to store the consumer key and
consumer secret in plain text (which it basically has to be as I
understand it, since ultimately it needs to be sent to the server in a
plain text form). I can't really think of a way that would work for
all end users to protect the two. Ultimately I guess this means that
someone could pretend to be our application if they wanted? Anyone
have any thoughts on this or any possible work arounds?