Twitter BasicAuth required the developer of an application to store the username and password of the user, and transmit these along with each request.

OAuth is an open standard, where the user is redirected to Twitter, fills in his username/password there (or is already logged in) and then grants clearance for the application to use his account. The application never sees the username/password.

To quote the twitter pages:

Basic Authentication is a liability. By storing logins and passwords, a developer takes on additional responsibilities for the secure storage of those credentials; the potential harm to users if login credentials are leaked or abused is very high. Because many users utilize the same password across many sites, the potential for damage does not necessarily stop with their Twitter account.

See: http://dev.twitter.com/pages/basic_to_oauth

Note: I don't know anything about xauth, so leaving that up to others to answer.

xAuth is a simplified version of OAuth. It removes several steps, so your app sends an OAuth-signed POST request with the username and password to Twitter's servers (using https://api.twitter.com/oauth/access_token), which directly returns a consumer token and secret for use other requests.

You have to email the Twitter API team to enable xAuth for your app, after your app has OAuth access. See http://dev.twitter.com/pages/xauth .