Re: There is a very clear risk
@Richard 12 - they can't log in as you using one of these apps. New logins aren't accepted, they still require the user/pass combo (which would fail), only pre-existing logins work. These apps are permanently logged in, and don't store passwords on the device, relying instead on this one-time token which was unaffected by the breach. To log in a different app on a different device would require a generation of a new token which would be issued on submission of the correct password, which would no longer work. The article says as much, namely logging out of the Twitter app (destroying the old OAuth token).
The title of the article is misleading "Twitter clients stay signed in with pre-breach passwords", it's not "with" pre-breach passwords. It's with a token unaffected by the breach.