What are Twitter's requirements for an app to get the ability to log in users via xAuth (as opposed to the traditional oAuth)? Are they stingy about who they allow to use xAuth, or are they generous -- i.e., is the approval process mostly bureaucratic, so they know which apps have access, or do they really think it over and reject a lot of apps that they don't think should have xAuth access? My guess is that it's a bit of both. And once you email the api@twitter folks, how long does it usually take for them to get back to you?
From what I have seen Twitter generally approves any kind of application that is not browser based. Browser based consists of websites and browser extensions and non browser based consists of OS applications that install on a computer or mobile device. They will also approve temporary access to migrate existing Basic Auth users to an OAuth application.
How long it takes to process requests depends on their time and the amount off applications queued for review. Generally the API support team will get back to you within a week. Currently they are probably backlogged from all the applications trying to launch at SXSWi.