UPDATE: Here’s the latest on the Twitter security bug directly from Twitter’s status blog:
We’ve identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit.
We expect the patch to be fully rolled out shortly and will update again when it is.
Update (6:50 PDT, 13:50 UTC): The exploit is fully patched.
But what this also means is that the fix has not been fully rolled out to all users.
So proceed with caution on Twitter, at least throughout today.