Absolutely. In the case of Facebook, it's easy to imagine them logging into websites as you to slurp up your contact list on that site. Don't worry, you agreed to it somewhere in the thousand pages of small print!
Or as the case of twitter demonstrates, you're also trusting all future owners of the Oauth provider, whoever they may be. If an erratic billionaire with a penchant for breaking the rules whenever it suits him buys your Oauth provider, who's to say what he'll do with his new access? He could treat your accounts as his personal toys. Better hope you don't earn his personal ire when he's on another wine and ambien bender.
Or as the case of twitter demonstrates, you're also trusting all future owners of the Oauth provider, whoever they may be. If an erratic billionaire with a penchant for breaking the rules whenever it suits him buys your Oauth provider, who's to say what he'll do with his new access? He could treat your accounts as his personal toys. Better hope you don't earn his personal ire when he's on another wine and ambien bender.