Hiding the bird’s guts

Probably this is a stupid rant/question. If so, please clarify me. I can live without the insults. Really 🙂

OK, on to the relevant stuff. Twitter has a new OAuth authentication mechanism. To write an application able to post on twitter your application need to be registered and have a consumer key. That key is used to identify your application to twitter when requesting permissions to a user to post using her credentials.

Now, the problem is when your application is written in a scripting language, like Perl, Python, Ruby or anything similar. Will you insert this key verbatim in the source code? Then, when shipping your app, others can grab that token and use it as if it were your app. You can encrypt it, but you need to ship the decryption algorithm as well, so, making the key verbatim.

One of two things can be happening: or twitter guys are not good on this API thing, or I am being totally stupid.