Twitter Blog: All about the "onMouseOver" incident
Twitter writes at its TwitterBlog that the matter has been fixed and that more importantly:
"there is no need to change passwords because user account information was not compromised through this exploit."
Caveat Emptor. Everyone is at his or her own risk. Always be prudent and careful.