I refuse to add any JavaScript loaded from third party domains for a good reason. I do not trust CDNs, I do not trust Google, I do not trust Facebook and I do not trust Twitter either.
Adding JavaScript from third party domains is dangerous and effectively opens up a terrible backdoor for the loaded script to hijack the browser and session. It used to be a conspiracy theory, but in times of Edward Snowden and the NSA spying scandal you should really rethink this.
The urls/count.json is the only piece missing to create a twitter button which includes an URL count and does not require untrusted code to be loaded from Twitter directly.
I can rather live with an undocumented API - which might break in the future - than opening up a backdoor in my websites.
Is there any penalty involved when using this API nonetheless? I would like to use this to query share count. Refreshing the count every now and then (e.g. hourly) is sufficient and will generate way less load on the Twitter network than a regular Twitter button.
