actually, I did not have to provide a username. I signed in with twitter using my email address. Perhaps the additional username was only required for Facebook connections? Between the two, Twitter is the only one with a true username identification.
I assume it will prompt you if there is a username collision. that is what I did when I recently implemented it. I wouldn't even show that step and assume that primary username is tw or fb username unless there was a collision
there was a security hole on a site not long ago that would let you login to another account if you had the same username on one of the other logins. can't remember which site
