Just curious it it really necessary to store API secret keys on each user that Authenticated via twitter ?
I havent delved into the internals of it but its just something that struck me as odd because the user can see these creds in their local cookie
