I still don’t really see it as much of a security issue in the first place. If a mod authorizes an app that then happens to break and do bad things, then the broadcaster can unmod the mod responsible for it (at least temporarily until the mod can act). Maybe I also don’t really see it as much of an issue because the kinds of tools I’m thinking of don’t do anything automated, it’s still the mod making the decisions.
But even that aside, for me it all comes down to what a mod does: If they do their job well, then all is fine. If they don’t do their job well, either through the website or through a third-party tool (whether on purpose or accidentally because their tool breaks), then the broadcaster will need take action either way (and actions need to be logged at least by mod name in any case to avoid rogue mods). Showing which tool performed an action or banning client ids were just additional ideas that could be useful in some cases, but I don’t think they’re really necessary in the first place.
But I don’t think this discussion is really progressing anymore, we appear to just have different opinions on this. Thank you for your thoughts.