If you use Twitter dashboard client Tweetdeck, listen up - somebody, somewhere, has made a mistake, and you should log out right now until it's fixed. You should also revoke the access Tweetdeck has been granted to your Twitter account, which can be done by going into settings, going to the apps section, and clicking "revoke access" next to Tweetdeck.
What's happened here is that the thing that lets Tweetdeck know what's what in a tweet has changed. Think of it this way: a website doesn't look like a website to a web browser, but instead is rendered from lines of code. (Chrome and Forefox users can see the source code of any website by right-clicking and choosing "view source".) What should happen with Tweetdeck is that it interprets each tweet as a block of plain text, which it then displays as a tweet in one of its columns. The problem is that, when a tweet contains code, it isn't.
So, for example, this tweet...
Log out of https://t.co/SlWijVBqMi until this scripting security bug is fixed: <script>alert("XSS in tweetdeck");</script>
— Chris Williams (@diodesign) June 11, 2014
...will cause Tweetdeck to display a pop-up alert box with the text "XSS in tweetdeck" in it. (That your web browser doesn't do it is a sign that it's not an idiot, like Tweetdeck.)
Until Twitter - which owns Tweetdeck - pushes out an update (and they're usually pretty quick at these, but ohmygod how did a bug like this get pushed out?), there's a great explanatory video from Tom Scott that goes into what's known as cross site scripting, "the number one vulnerability on the web today":