Quick Security Audit please

This code is for a microsite where the client wants their twitter feed to be displayed. The site is completely static other than this element so I’ve decided to use a cache file instead of a database.

The twitter class in use is here: http://github.com/j7mbo/twitter-api-php

$content = null;

if(file_exists(dirname(__FILE__).'/cache/twitter.json')) {
	$content = json_decode(file_get_contents(dirname(__FILE__).'/cache/twitter.json'));
	$content = ($content->checktime + 1200 > time() ) ? $content->tweets : null; 

if (is_null($content)) {

	$twitter = new TwitterAPIExchange(array(
	    'oauth_access_token' => 'redacted',
	    'oauth_access_token_secret' => 'redacted',
	    'consumer_key' => 'redacted',
	    'consumer_secret' => 'redacted'

	$content = array(
		'tweets' => json_decode($twitter->setGetfield('redacted')
			->buildOauth('https://api.twitter.com/1.1/statuses/user_timeline.json', 'GET')
		'checktime' => time()
	file_put_contents(dirname(__FILE__).'/cache/twitter.json', json_encode($content));
	$content = $content['tweets'];

The goal is to hit the API only once an hour and pull the most recent tweet. Presuming the cache directory permissions are strict as possible (webserver will be able to write) is there any security implications I’m overlooking?

The only hardening I can think of is to position the cache directory outside the webserver browse scope.

I dont think there are any as far as I can see. What are you worried about anyway? They are only tweets

I get nervous around disk writes.

You could go for SQLite instead. But it looks good as far as I can tell. One thing I’d change is lose the checktime you have in the JSON file, and use the mtime of the file instead. Not for security, but to ensure you don’t store data you don’t actually need to store.