I think you may be encoding your oauth request incorrectly. I was able to send a successful search query to 1.1 with a blank ‘q’ parameter.
Here’s what my signature base string looked like:
GET&https%3A%2F%2Fapi.twitter.com%2F1.1%2Fsearch%2Ftweets.json&geocode%3D37.781157%252C-122.398720%252C1mi%26oauth_consumer_key%3D...%26oauth_nonce%3DToul8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1364420628%26oauth_token%3D...%26oauth_version%3D1.0%26q%3D
In the v1 world an invalid signature would have fallen back onto anonymous quota, which may be why you didn’t notice this earlier.
