Authorizing to Twitter using a Browser Extension is not trivial, the major problem there is that you need to have the Application Tokens somewhere, if you just put them in your source code without any obfuscation anyone can access and use them for whatever they want.
Even if they are obfuscated, this is still a problem, as it is relatively easy to get them, given that JavaScript is not a compiled language.
