The possibility of a Twitter account or Twitter itself being compromised doesn't imply that it is *currently* compromised already. There's a lot of value in Trust On First Use systems.
It's how nearly everything works, and even systems like Domain Validation certificates are basically just delegated TOFU. We not only trust all these CAs but also rely on an attacker not doing a MITM of the initial verification by the CA, with only CAA as a way to mitigate that.
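
An added illustration of the trust-on-first-use argument in the comment above; it is not part of the comment and not code from any project. `TofuStore`, the identity label and the key bytes are hypothetical, constructed values. It shows that a key substituted after first contact is flagged, while whatever key is presented at first contact is pinned unverified.

```python
import hashlib
import hmac


def fingerprint(public_key: bytes) -> str:
    """Hex SHA-256 fingerprint of the raw key bytes."""
    return hashlib.sha256(public_key).hexdigest()


class TofuStore:
    """Pins the first key seen per identity and flags any later change."""

    def __init__(self):
        self.pins = {}  # identity -> pinned fingerprint

    def check(self, identity: str, public_key: bytes) -> str:
        seen = fingerprint(public_key)
        pinned = self.pins.get(identity)
        if pinned is None:
            # First use: nothing to compare against, so the key is accepted
            # unverified. Whoever answers at this moment is what gets pinned.
            self.pins[identity] = seen
            return "pinned"
        if hmac.compare_digest(pinned, seen):
            return "match"
        # Never re-pin silently: a changed key is a rotation or a compromise,
        # and telling them apart needs an out-of-band check.
        return "mismatch"


def demo():
    # Constructed sample keys and a hypothetical identity label.
    store = TofuStore()
    genuine = b"constructed-sample-key-A"
    substituted = b"constructed-sample-key-B"
    return [
        store.check("twitter:@example", genuine),      # first contact
        store.check("twitter:@example", genuine),      # later, unchanged
        store.check("twitter:@example", substituted),  # after a later compromise
    ]


if __name__ == "__main__":
    print(demo())
```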