Thread:Talk:OAuth/OAuth plans/reply (3)

We don't want an app to make actions using a user's account that the user didn't want to be made. But it's 3rd party code, there's no way to guarantee that. So, every change gets associated with what app made it. So when an app goes rogue and starts abusing dozen's of users accounts to spread goatee images, we know precisely which app is responsible, and we can blacklist it and revoke it's permission to do anything with any user account.