Security: OAuth token non revokable
In the scenario that your OAuth token has been stolen by a malicious client there is no way to revoke it/all tokens.
Potential immediate fixes: changing password should revoke all tokens(?) or maybe a button in pleroma-fe/settings/security to revoke all tokens