Comment Re:My guess (Score 2) 262
There's nothing in oAuth that requires that the key be secret, indeed, I think the oAuth spec specifically discourages depending on the oAuth key as a reliable indicator of the application, precisely because there's no real way to keep it secret. It's companies like Twitter, who insist on uses the obviously not secret oAuth key as if it were secret, that are doing it wrong.