Thanks Taylor
It’s insecure for JavaScript to use the Twitter 1.1 API directly because of oauth issues, so a task specific, very constrained proxy seems like the correct way to go. Can you recommend another way to structure this?
As far as creating an open proxy, the actual search call from the JavaScript uses an opaque, random, limited duration, and browser specific, query id, not the standard Twitter API parameters. There are also a number of other constrains that would make it very difficult to leverage this proxy. The security of public REST APIs that must interact with client-side JavaScript is a large and complicated issue, but suffice to say we are aware of the issues involved.
