I blame everything WRT OAuth on Twitter. They were so focused on allowing "cool web mashups" (not a quote, I'm just using the term ironically) that they forgot that there's (le gasp) other things you can do with their API.
The most ridiculous part is that Twitter's Android client (and presumably their iOS one as well) uses some proprietary non-OAuth protocol to authenticate!
Finally, I might be wrong about this, but it seems that OAuth actually requires more session authentication hooplah then the HTML-based service it syndicates. I've just been so tempted to make a Twitter library that screen-scrapes the login page and then uses the web interface's API just to get our old authentication back, with a plain old cookie for authentication. Hell, if Twitter's so adamant about securing their API even if it means breaking the old way, why don't they just force it to be 100% HTTPS?
Anyways, /rant and all that.