Hi there,<p>I am implementing an API backend for a mobile app and I want to know how can I secure it. Users won't have usernames and passwords, they will signup on the mobile app using Facebook/Twitter.<p>Is passing OAuth tokens with the request to the API considered secure? What happens when an OAuth token gets stolen or spoofed from the network?<p>Thanks for taking the time to answer.