It really depends on what kind of an application you are writing. Is this a binary being distributed? Is it a web app that the user runs locally? Is the code being hosted somewhere? Are you writing a CLI app to just post things to Tumblr?
In general, you can see how any open source twitter project stores tokens for everyone since they are still running the oAuth1.0a spec. Generally, you make a config file and have the user's place tokens in there.
There really isn't much more you can do.
OAuth2 is coming. We're currently working on it. A year ago we didn't see enough of a real adoption to do it, but now most of the kinks seem to be working out. It was part of one of the first posts on the developers blog.
We will release more as we get closer to it being ready.
Is there any twitter plugins for WordPress that auto tweet you could base a design off of?