The real news here, which is not how it's going to be reported, is that Twitter employees have the power to take over any user's account from within Twitter's backend and to post content from it. They also, as Kenny Klipps rightly notes, likely have access to your DMs.

And if you don't think that's a SIGNIFICANT problem https://www.washingtonpost.com/national-security/former-twitter-employees-charged-with-spying-for-saudi-arabia-by-digging-into-the-accounts-of-kingdom-critics/2019/11/06/2e9593da-00a0-11ea-8bab-0fc209e065a8_story.html

What could be planted in your DMs as evidence?

What information can be used to blackmail you?

The idea that anyone has the power to access your account as *you* from within Twitter's backend should horrify you.

1.5 million Americans hold top-secret clearances. How many Twitter employees have access to this tool? And how easy was it to phish the password off an employee? Now that Twitter is going all-remote, do you have to tunnel through a VPN to access the backend? Or is it public?

For all we know, every intelligence agency on earth could've burrowed their way into this thing by now.

You do not need the power to post as a user nor see all of their private messages to moderate the content they post on their timeline nor to see the DMs that are reported by other users for harassment. There is no technical justification for giving employees that power.

I don't understand people who act like computer security know-it-alls but think it's no big deal for a multibillion-dollar tech company to give exactly zero shits about the potential theft of 300 million users' identities