Today I got feedback from a user that she was not happy to authorize the app for:
1) Read Tweets from your timeline.
2) See who you follow, and follow new people.
3) Update your profile.
4) Post Tweets for you.
She was mainly concerned with 2) and 3). Which I perfectly understand from the users point of view: Why do I need to give those permissions for just posting a Tweet?.
Our app is configured with Read/Write permission and actually only needs permission to post a tweet on behalf of the user. Maybe a separate "Share" permission level that only allows an app to post a Tweet on behalf of the user solves this problem.