I would like to explain the issue in detail.
I created a new Twitter account and now I want to tweet from my new account using the application I created. I got an access token for this new account from Twitter after authorization.
Now, with the help of the access tokens and consumer tokens, I was able to tweet/update from this application to my new account.
Here comes the issue.
Just with the help of the access tokens of an account and the consumer tokens of the application, we are able to tweet from this application to my new account.
These access tokens are static.
What if a hacker built an application that provided good features, and a user registers with this application using OAuth? The hacker can store access tokens and will be able to hack Twitter accounts using these access tokens.
Access tokens should be dynamic.
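
The request signing the post describes, as an added example that is not part of the original post: a minimal OAuth 1.0a HMAC-SHA1 signer (RFC 5849) next to the check a server performs. The endpoint URL, keys, secrets and the `verify`/`revoke` helpers are constructed for illustration, and nonce/timestamp replay checks are left out.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed sample data: every URL, key, token and secret here is made up.
URL = "https://api.example.test/statuses/update"
CONSUMERS = {"app-key": "app-secret"}                      # app registrations
TOKENS = {"user-token": {"secret": "user-token-secret",    # issued at authorization
                         "consumer": "app-key"}}
PARAMS = {"oauth_consumer_key": "app-key", "oauth_token": "user-token",
          "oauth_nonce": "n0nce", "oauth_timestamp": "1300000000",
          "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0",
          "status": "hello world"}

def pct(value):
    """Percent-encode as OAuth 1.0a requires (only unreserved chars stay)."""
    return quote(str(value), safe="-._~")

def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 signature over the signature base string (RFC 5849, 3.4)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    # The signing key combines the application's secret and the token's secret.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def verify(method, url, params, signature):
    """Server side: recompute the signature from the stored secrets."""
    consumer_key = params.get("oauth_consumer_key")
    consumer_secret = CONSUMERS.get(consumer_key)
    token = TOKENS.get(params.get("oauth_token"))
    if consumer_secret is None or token is None:
        return False                      # unknown app, or token revoked
    if token["consumer"] != consumer_key:
        return False                      # token was issued to another app
    expected = sign(method, url, params, consumer_secret, token["secret"])
    return hmac.compare_digest(expected, signature)

def revoke(token_key):
    """Hypothetical helper: the account owner withdraws the app's access."""
    TOKENS.pop(token_key, None)
```

The signature depends on both the application's consumer secret and the account's token secret, and a stored token stops verifying as soon as the server drops its record of it.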