Twitter's lack of real permissions system is really crazy, especially with the carte-blanche access all apps get to things like your Direct Messages. I doubt people are storing credit cards in there, but the article's right: it's similar to getting access to all text messages on a user's phone.<p>I run <a href="http://preyfetcher.com" rel="nofollow">http://preyfetcher.com</a> and signed up for read-only API access for that app because I wanted to let users know I wouldn't be messing with their account/data. Even so, more fine-grained permissions would be nice, ESPECIALLY for read/write apps. (Prey Fetcher actually DOES need access to DMs to check for new ones, but that's beside the point.)