Given the number of people that have had their accounts hacked recently, there are a lot of people getting very nervous about entering their Twitter username & password anywhere.
I also had a bit of a look at the login process & realised that once the login window pops up, it could be pointing anywhere. That is, without digging deeply into things (even View|Source on the page wouldn't necessarily confirm the originating site), how would a nervous or unsuspecting user know that we were legit?
Obviously this isn't good.
So, I've updated the login window.
The location bar now shows at the top of the login window. It's a bit uglier, but a lot clearer.
You can now see that you're at Twitter.com when you're entering your username/password for OAuth authentication. You're only asked to enter username/password if you're not already logged into Twitter via the website, but anything that makes things just that little bit more obvious is always welcome.
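A sketch of how a login popup can be opened with the location bar kept visible, together with a check that the URL handed to it really is on Twitter. This is an added example, not this site's own code: the function names, the window name `oauth_login`, the popup size and the host allow-list are all assumptions.

```javascript
// Added example. Hosts the login popup may be pointed at (assumed allow-list).
const ALLOWED_HOSTS = new Set(["twitter.com", "api.twitter.com"]);

// Parse and check the authorization URL before it is handed to a popup.
// Returns the normalized URL string, or throws if it is not acceptable.
function checkAuthorizeUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    throw new Error("not a valid absolute URL");
  }
  if (url.protocol !== "https:") {
    throw new Error("authorization URL must be https");
  }
  // Reject userinfo forms such as https://twitter.com@other.example/,
  // where the part before "@" is not the host the browser connects to.
  if (url.username || url.password) {
    throw new Error("userinfo not allowed in authorization URL");
  }
  // Exact host match, so twitter.com.other.example does not pass.
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    throw new Error("unexpected host: " + url.hostname);
  }
  return url.href;
}

// Window features for the login popup: keep the location bar visible so
// the user can read the address before typing a password.
function loginPopupFeatures(width = 800, height = 500) {
  return ["location=yes", "status=yes", "resizable=yes", "scrollbars=yes",
          "width=" + width, "height=" + height].join(",");
}

// Open the popup. `opener` defaults to window.open in a browser; it is a
// parameter so the logic can also be exercised outside one.
function openLoginPopup(rawUrl, opener) {
  const open = opener || ((u, n, f) => window.open(u, n, f));
  return open(checkAuthorizeUrl(rawUrl), "oauth_login", loginPopupFeatures());
}
```

The URL check covers the application side only; the visible location bar is what lets the user confirm the address for themselves.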