I've just noticed a post over on (via Twitterati) which talks about vulnerabilities in the Twitter and Jott systems.

This is something close to my interests, as spoofing text from another user is something I take very seriously in all the community services I work on or build. I tried to replicate the vulnerability explained in the O'Reilly piece with Pitch, and it's thrown up an interesting side piece in relation to these services: you can spoof the sender MSISDN when sending an SMS message to a UK long number, but not to a shortcode. It seems shortcodes – at least if properly configured and managed – will set the sender MSISDN to the real sender MSISDN, as the numbers come across the cellular network, not the IP network, and require verification as they can be used for premium billing.

So as long as Twitter uses a shortcode in the UK, they can't, as far as I know, be spoofed.

