src/main/java/com/twitter/joauth/Signer.java (2 lines):
	- line 76: private static final String AND = "&"; //TODO: move to Normalizer
	- line 95: //TODO: Mac looks thread safe, if not consider synchronizing this


src/main/java/com/twitter/joauth/keyvalue/KeyValueParser.java (2 lines):
	- line 49: TODO: optimize this, no need for regex here
	- line 90: //TODO: This is not used, remove?


src/main/java/com/twitter/joauth/Unpacker.java (2 lines):
	- line 40: //TODO: callback and checker can be removed. unnecessary indirection, carried over from scala.
	- line 122: //TODO: make sure oauth1 and oauth2 check is correct.


src/main/java/com/twitter/joauth/OAuthParams.java (1 line):
	- line 178: // TODO: This needs clean up. replace the if/else with enum/map-lookup


src/main/java/com/twitter/joauth/keyvalue/KeyValueHandler.java (1 line):
	- line 208: invoked = true; //TODO: bug? should invoked be set to true, if _key is not set?


src/main/java/com/twitter/joauth/UrlCodec.java (1 line):
	- line 23: //TODO: is this necessary? can we just call isUnreserved((char)b) ?


src/main/java/com/twitter/joauth/UnpackedRequest.java (1 line):
	- line 344: //TODO: remove MaxTokenLength, this limit is specific to twitter


src/main/java/com/twitter/joauth/Normalizer.java (1 line):
	- line 64: /* TODO: there is no way to clear string builder in java. see what can be done here.


src/main/java/com/twitter/joauth/Verifier.java (1 line):
	- line 29: //TODO: swap the order of the consumerSecret and tokenSecret because consumer secrets are required for all oauth1 requests