Why use HTTP for Twitter API?

I'm not sure if this is the actual reason but using HTTP guarantees compatibility on any Drupal instance. HTTPS requires that PHP be compiled with SSL (though most are). An option to "use SSL" would be nice but until then, changing http://twitter... to https://twitter... works.

Twitter published the "Security Best Practices" page last month. Where they say

Don't do it. Don't store passwords. Just store OAuth tokens please"
[ http://apiwiki.twitter.com/Security-Best-Practices#PasswordRetention ]

They also recommend using SSL.

You can use https://twitter.com as the alternative API URL.

Sorry, I have to reopen this case/issue again.

@abraham, @binford2k: NO, I cannot use https://twitter.com as an alternative API URL (Twitter 6.x-2.5) -- the twitter module won't post anything (resp. it claims to have posted something but on Twitter nothing occurs).

... in addition to the above mentioned: when I post from an SSL URL e.g. https://sld-example.tld/edit/node/123, then the Twitter module 'twitters' the SSL URL of this node to/on Twitter.com (for instance as a tiny URL)! I find this very anoying, since I always need to think about changing from https:// to http:// when editing resp. creating a node.

BasicAuth is being removed from the TwitterAPI in June so if using the SSL URL as an alternative API URL or hardcoding the API URL in the module code don't work for you Have a look at v3 as it supports OAuth. I don't see how the Twitter module handles passwords changing other then to convert to OAuth.

As for comment 5 that is an unrelated issue and should address by creating/contributing to another issue.