The Twitter API keys should never be added to a code file because of security reasons. Exchanging the files with someone or uploading them somewhere can result in a potential security threat (An example commit from your repository (I hope they have been regenerated now) - here).
Possible fix
Using environment variables one can store these keys somewhere else (not in the file) but can still access them using the os library. This is the standard way of using sensitive API keys in a python project.
these variables must be loaded from the .env file so they don't have to enter the code just to modify them consumer_key = 'XXXXXXXXXXXX' consumer_secret = 'XXXXXXXXXXXX' access_token = 'XXXXXXXXXXXX' access_token_secret = 'XXXXXXXXXXXX
The keys used to authenticate with Twitter API are exposed. I think you already know this but you might forgot to .gitignore the personal keys. Its not safe to expose these keys out as recommended by twitter.