While the DMs are ostensibly private, the reality is that any apps that have been approved to access your Twitter account can also see those “private” messages.
This message should go out through any of the social services you use…
There are only two types of account access authorizations: read-only, or read-and-write. In either case, the fact that the app has been granted permission to access the account at all means that all Twitter messages, including DMs are accessible to the app. In the event of read-and-write approval, the app could also delete your messages, or send messages out on your behalf.
Perhaps you should think twice next time before blindly approving some random app to access your Twitter feed. You can find out which apps have access to your Twitter messages by logging in to your account on the Twitter site. Click on Settings, then Connections. The fine print for each entry displays the type of access authorized (read-only or read-and-write), and a link is provided to “Revoke Access” for any that seem shady or unwarranted.
I know that many hate to read the fine print on anything, but with the invasiveness of these applets and their ability to open your privacy up to be publicly crawled, this is something that everyone should pay attention to.