Answering posts related to security concerns is the least I can do; I understand how stressful and frustrating a time it can be.
The comments were not made flippantly, but from an understanding of exactly how the plugin interacts with Twitter. When you are forwarded to Twitter to give permission to my Twitter App it displays these messages:
This application will be able to:
- Read Tweets from your timeline.
- See who you follow.
This application will not be able to:
- Follow new people.
- Update your profile.
- Post Tweets for you.
- Access your direct messages.
- See your Twitter password.
The important take-home message from this is that even if I wanted to abuse the plugin myself, I would not be capable of doing what happened to your account with the access the plugin is granted. At no point does the plugin have the ability to edit/add information to your Twitter account, and the only pieces of information it can fetch are publicly available.
This also means that any third party which got in between would similarly be incapable of performing the acts which were done to your account. This is the main reason I made sure the Twitter App permissions were so specific and only included public information.
You may want to look further afield for issues just to be safe. The Twitter website will send an email to your old email account if the email address is changed, so if you see no email it could be that your email account is compromised too (and they deleted the email from Twitter notifying you the address had been changed).
I am genuinely sorry for the loss of your Twitter account and the stress attempting to fix it has caused you. I hope you manage to reclaim your account.