It prevents leak of plaintext passwords. I suppose impersonation by a twitter employee is not a concern, because they already have access to the twitter system from inside.