Get started on http://oauthlib.readthedocs.org/en/latest/oauth2/security.html

Possible topics

• The importance of HTTPS
• Issues that can come from multiple grant type clients and token "sharing"
• Rotating refresh tokens