[joffreyf]

Hi, I'm one of the developers who's been working on this project at dotCloud, and more specifically on the twitter service. The example you're citing shows what I figured was the shortest way to try out the twitter API integration. And you're absolutely right for saying that as soon as your app goes public, it sucks.

This is why this call only has to be made one time ; the key and secret are then securely persisted into the database and the consumer secret can be ommitted in all subsequent calls. Alternatively, we also provide an API endpoint that you can just curl to provide the consumer key/secret. Our "detailed" documentation (http://js.dotcloud.com/doc.html#c4) is more thorough on that matter.

Hope that answers your question!

Edit: sorry for the late response, happened to be out of town for the last three days. Bad timing. :(