...he can hack ANY "twit"
Yes, that sounds about right.
A hacker calling himself the "Mauritania Attacker" claims he has compromised every Twitter user account on the planet - and leaked the OAuth tokens for thousands of Turkish tweeters. Meanwhile, a security researcher claims to have obtained similar details by creating a fake app that masqueraded as Twitter's own third-party …
The end of the stone age. Two bearded, loin-skinned cavemen stab around huge slabs of stone.
CAVEMAN1: Ha, ha, ha, only idiots use papyrus to writer "letters".
CAVEMAN2: Yeah! Ha, ha, ha! Everybody can read their letters. Ha, ha, ha! They should inscribe their messages on stone.
History does not record what happen to these men. Maybe we just haven't looked on the underside of the right rock.
Pretty much everything the Egyptians ever wrote on Papyrus has been lost through decay or fire. Most of what they carved into stone remains, and a large amount of that was idle boasting of riches and martial prowess.
Admittedly, benefitting future archaeologists isn't much of a selling point.
The "security researcher" is simply describing how OAuth 2 works. If a native application is acting as the client, it is normal for its "consumer secret" to be embedded somewhere in the application. There is no expectation that the consumer secret is actually secret.