Christian Giese

First off: nice extension, great work!

Storing the Twitter password as plain text in the database is not perfect, but manageable. But(!) ... in line 37 of WEB-INF\src\TwitterWorkflowAction.java, the code logs the Twitter password into catalina.out along with the Twitter username for each tweet that is sent. That is simply wrong! Logging it on DEBUG is understandable in a development environment, but providing it to the outside world with this logging on INFO level... :-(.
It seems that community.kablink.org has this extension enabled, so every user who tested this and tweeted has their Twitter password stored in the kablink.org catalina.out, readable by everyone with access to the disk.

Could s/o fix this in the source and update the download? I guess this comment should make sure that no one uses the current version of the extension in production without knowing about the leak.

All the best and keep up the good work.

Christian

--
Christian Giese
Code and Concept - Ebell & Giese GbR, Munich  - http://www.CodeAndConcept.de
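
The logging problem reported in the comment above, as an added example that is not part of the original comment and not the extension's own code: a credential written at INFO next to a form that keeps it out of every log level, with a capturing handler that checks both. The class, method and logger names are hypothetical, `java.util.logging` is assumed because the page does not say which logging framework the extension uses, and the password is a constructed sample value.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

// Added example: every name here is hypothetical, none is taken from TwitterWorkflowAction.java.
public class TweetLoggingExample {
    private static final Logger LOG = Logger.getLogger("example.twitter");

    // The pattern the comment describes: the credential is logged at INFO for each tweet.
    static void sendTweetLeaky(String user, String password, String text) {
        LOG.info("Sending tweet as " + user + " with password " + password);
    }

    // Hardened form: the password is used for the call but never passed to the logger.
    static void sendTweetSafe(String user, String password, String text) {
        LOG.info("Sending tweet as " + user);
        LOG.fine("Tweet length: " + text.length()); // debug detail, still no secret
    }

    // Collects every log message so the check below can look for the secret.
    static final class Capture extends Handler {
        final List<String> lines = new ArrayList<>();
        @Override public void publish(LogRecord r) { lines.add(r.getLevel() + " " + r.getMessage()); }
        @Override public void flush() { }
        @Override public void close() { }
    }

    static boolean leaks(Capture c, String secret) {
        return c.lines.stream().anyMatch(l -> l.contains(secret));
    }

    // Runs one send function with a fresh capturing handler attached.
    static Capture run(boolean leaky, String secret) {
        Capture c = new Capture();
        LOG.addHandler(c);
        if (leaky) sendTweetLeaky("alice", secret, "hello");
        else sendTweetSafe("alice", secret, "hello");
        LOG.removeHandler(c);
        return c;
    }

    public static void main(String[] args) {
        String secret = "constructed-password-123"; // constructed sample value
        LOG.setUseParentHandlers(false);
        LOG.setLevel(Level.ALL); // check DEBUG-equivalent levels too, not only INFO
        System.out.println("leaky logs contain password: " + leaks(run(true, secret), secret));
        System.out.println("safe logs contain password:  " + leaks(run(false, secret), secret));
    }
}
```

The same capture-and-search check can run as a unit test so that a later change that reintroduces the password into a log message fails the build.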
