Twitter, the wildly-popular microblogging service that’s the topic du jour amongst digital marketers these days, had a really bad weekend.

First, on Friday it came to light that a Twitter-oriented advertising network called Magpie was being used by affiliates to promote spammy affiliate links on Twitter. The affiliate links were presented as ‘testimonial‘ tweets and the users who sent them did not directly disclose that their tweets were paid.

Not surprisingly, this didn’t go over too well with Twitter users, many of whom were concerned that pay-per-tweet could destroy the authenticity that Twitter has built its reputation on. Making matters worse: many missed the fact that the paid tweets included affiliate links, resulting in the misdirected criticism of companies, like Apple, that didn’t actually pay for the tweets.

But if paid tweets were considered a nuisance or threat to Twitter, that was only the beginning.

Twitter was hit by a cross-site scripting hack on Saturday that hijacked victims’ Twitter accounts to promulgate messages promoting a third party website.

The 17-year-old behind that website has claimed responsibility for the hack, which reportedly took advantage of a recent change in Twitter’s authentication setup to execute malicious JavaScript code. By merely visiting an ‘infected‘ Twitter account, Twitter users with JavaScript enabled would find their accounts hijacked too. Although Twitter responded fairly quickly to the incident, new variants of the hack popped up almost immediately and as of Monday, security vendor F-Secure wrote that “Twitter administrators don’t seem to be able to shut down the various XSS / CSRF worms that have been plaguing the service over the weekend.

Needless to say these incidents raise concerns about Twitter and what its future might look like. As Twitter grows in popularity and attracts more mainstream attention and users, these sorts of issues are going to become more and more common. That’s not all bad; experimentation within limits is natural. What those limits are, however, is often subjective, although it’s safe to say that hacking and paying Twitterers to spam affiliate links are not likely to be on the official list of appropriate Twitter behaviors.

But that doesn’t mean people won’t engage in them, which brings us to the next question: is Twitter destined to become a hub for spam and paid tweets? Will hackers have a field day and turn the service into a security liability? Will early adopters and Twitter ‘purists‘ be driven away?

Thus far Twitter has stuck to a laissez-faire approach, which is one of the reasons the service has been so successful. But in the face of hackers, spammers, impersonators and the like, Twitter may be forced to reconsider that laissez-faire approach now that it’s hit the big time.

One thing is for sure: Twitter is changing, for better or worse.