You should be using unique passwords for every site you sign in to anyway. That’s just common sense for good security practice.
To quote Diesel Sweeties: "Have you met people?"
That's exactly the problem. Given the myriad accounts people have these days, passwords are a pain to remember; while you or I may not reuse them, many people do. That is the reason OAuth and OpenID were created. That tweet regarding "shaming Twitter into OAuthing" may have been made tongue-in-cheek, but there's a grain of wisdom in that remark.
And while the article is a bit sensationalistic - calling Twitter users "gullible" and focusing only on the new Twitterank site - in reality all of these sites that use the Twitter API are just as guilty... and that actually makes the problem worse. The problem is bigger than just whether you know enough about all of the people behind each and every Twitter API-based site to trust them. It's also encouraging the general practice of giving out a password for one site to a third-party site. And just to be clear that I'm not singling Twitter out, sites that ask for your Yahoo/Google/Hotmail login and password to extract contacts from your address books to find potential nodes in a social network are just as guilty of this.
Sorry if I'm coming across as being too pedantic. It's my paranoid nature and information security training coming through. Of course, as they say, it's not paranoia if they really are after you.